Bob -
First step, pull the network connection on the box. Stop any
possible transmissions out, or use of the system for relay.
Literally pull the cord. Then you can see if you can figure out
what it's looking at, then do a reinstall from original CD-ROMs.
After all that, relook at the firewall (or put one in place).
jeff
On Wed, 19 Jul 2000, Derek Martin wrote:
> Date: Wed, 19 Jul 2000 16:45:02 -0400 (EDT)
> From: Derek Martin <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Cc: Greater NH Linux Users' Group <[EMAIL PROTECTED]>
> Subject: Re: FWD: Question about a library, post hacker
>
> On Wed, 19 Jul 2000 [EMAIL PROTECTED] wrote:
>
> > People,
> > I had a question from someone who had been hacked.
> > They said:
> > > > we have a process that is running - /usr/lib/lib-gblo.1.3.so
> > > > that is taking up some massive CPU cycles.
> > > > Do you know anything about this file? Does it
> > > > exist on any of your systems?
> > > >
> > I can't find any reference to it. rpm -qf doesn't show anything.
> > They only install using rpms on a RH 6.x system.
> > Any thoughts?
>
> Yeah, they were hacked. Reinstall from scratch, IOW format your hard
> drive and start over.
>
>
>
------------------------------------------------------------------------
Jeffry Smith Technical Sales Consultant Mission Critical Linux
[EMAIL PROTECTED] phone:603.930.9379 fax:978.446.9470
------------------------------------------------------------------------
Thought for today: Drilling for oil is boring.
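
The `rpm -qf` check from the quoted question, applied to every running process instead of one file, as an added example that is not part of the original thread. It flags processes whose executable belongs to no package or has been unlinked since start. `PROC_ROOT`, `OWNER_CHECK`, the `--sweep` argument and the output format are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag running processes whose executable no RPM package owns.
# PROC_ROOT and OWNER_CHECK are assumptions of this example; override them to
# test against a fake tree or to use an rpm binary from read-only media.
PROC_ROOT=${PROC_ROOT:-/proc}
OWNER_CHECK=${OWNER_CHECK:-"rpm -qf"}   # must exit 0 when a package owns the path

# Prints one line per suspicious process: "<STATUS> <pid> <path>"
#   UNOWNED  executable belongs to no installed package
#   DELETED  executable was unlinked after the process started
unowned_procs() {
    for dir in "$PROC_ROOT"/[0-9]*; do
        [ -d "$dir" ] || continue
        pid=${dir##*/}
        # Kernel threads and processes we may not inspect have no readable exe link.
        exe=$(readlink "$dir/exe" 2>/dev/null) || continue
        [ -n "$exe" ] || continue
        case $exe in
            *" (deleted)")
                echo "DELETED $pid ${exe% (deleted)}"
                continue ;;
        esac
        # OWNER_CHECK is left unquoted on purpose so it can carry arguments.
        if ! $OWNER_CHECK "$exe" >/dev/null 2>&1; then
            echo "UNOWNED $pid $exe"
        fi
    done
}

# Run the sweep only when asked, so the file can also be sourced.
if [ "${1:-}" = "--sweep" ]; then
    unowned_procs
fi
```

On a box that is already compromised, the installed `rpm` and its database may have been altered, so a clean result proves little; point `OWNER_CHECK` at a known-good binary and run as root so every `exe` link is readable.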