Well, I normally wouldn't have scanned a fresh system for unknown
processes and executables (more the fool me), but the system was
running really slow so I did a top to find out what process was
hogging the CPU/bus.  Saw three processes which I'd never seen on a
Unix box before, and then found that these processes didn't appear in a
ps listing.

The rest was easy: figured out ps had been trojaned, the home
directory of the rogue processes (/usr/lib/lib, which also contained
tons of other rogue programs) and also that /var/log/messages had been
cleaned.  Decided to reinstall.

Never figured out how the system got cracked into, since the log was
missing.  It was either sendmail or named, since everything was fine
after upgrading those.  Most probably named, I guess.

Regards,

-- Raju

>>>>> "Mithun" == Mithun Bhattacharya <[EMAIL PROTECTED]> writes:

    Mithun> Professional interest and wicked hacker interest including
    Mithun> care to tell us all about the hack and how you found it
    Mithun> out Raj ???
-- 
Raju Mathur          [EMAIL PROTECTED]           http://kandalaya.org/
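
The cross-check described in the message above (processes visible to one tool but missing from the ps listing), sketched as an added example that is not part of the original post. The sample listings and PIDs are constructed, and the function names are hypothetical.

```python
import os
import subprocess

# Constructed sample: `ps -e -o pid=,comm=` output as a trojaned ps might print it.
SAMPLE_PS = """\
    1 init
  412 syslogd
  530 sendmail
  544 named
"""
# Constructed sample: entries seen in /proc at the same moment.
SAMPLE_PROC = ["1", "412", "530", "544", "1893", "1894", "1901", "self", "cpuinfo"]


def pids_from_ps(ps_output):
    """Parse PIDs from `ps -e -o pid=,comm=` style output (PID is the first field)."""
    pids = set()
    for line in ps_output.splitlines():
        fields = line.split()
        if fields and fields[0].isdigit():
            pids.add(int(fields[0]))
    return pids


def hidden_pids(proc_entries, ps_output):
    """Return PIDs that exist in /proc but are absent from the ps listing."""
    proc_pids = {int(e) for e in proc_entries if e.isdigit()}
    return sorted(proc_pids - pids_from_ps(ps_output))


def live_check(rounds=3):
    """Compare on this host; keep only PIDs missing from ps in every round,
    which filters out short-lived processes that raced the two snapshots."""
    suspects = None
    for _ in range(rounds):
        ps_out = subprocess.run(["ps", "-e", "-o", "pid=,comm="],
                                capture_output=True, text=True, check=True).stdout
        found = set(hidden_pids(os.listdir("/proc"), ps_out))
        suspects = found if suspects is None else suspects & found
    return sorted(suspects)


if __name__ == "__main__":
    print("constructed sample:", hidden_pids(SAMPLE_PROC, SAMPLE_PS))
    if os.path.isdir("/proc"):
        for pid in live_check():
            print("in /proc but not in ps:", pid)
```

This only catches a replaced userland ps; hiding done inside the kernel would also remove the entries from /proc. The interpreter and script should themselves come from trusted media, since binaries on the suspect host may have been replaced too.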


