Kilaru Sambaiah forced the electrons to say:
> We are using RHL 6.2 as proxy server. The proxy software is Squid.
> It is giving some problems on dual processor intel machine.
> We are facing some problems with security. We found some entries
> in /etc/passwd file with uid 0. I found the originating ip address.
Seems like you have been rooted. If these are not the standard RHL
pseudo users, then you do have a problem. I'd suggest a reformat and
reinstall, since you won't know what all the hacker has left behind.
And after reinstall, do a proper audit of the system before you put in
on the Internet. Don't leave unwanted services open.
> Is it possible to find which country or ISP it belongs. ( I tried with
> nslookup and it is not able to find.)
Try www.arin.net and www.apnic.net (use the whois search forms at those
sites) - The first one for USA, the second for Asia-Pacific.
Binand
----------------------------------------------
The mailing list archives are available at
http://lists.linux-india.org/cgi-bin/wilma/LIH
