Hi,
If you're certain you've been hacked, the best thing to do would be to start
from scratch: reinstall a fresh copy of linux and reconfigure everything.
There's no way you'll be able to find out all the trojans or rootkits
installed in your box by the cracker.
You could check your logs in /var/log to see if there has been some
un-natural activity on your linux box.
If you already had a program like tripwire installed, you can use that to
verify your binaries. You could also use the verify feature of rpm to verify
your packages: rpm -V <packagename>
Again, these are only valid if the cracker hasn't modified your tripwire and
rpm databases and logs.
In short, the safest thing to do is to take your linux box off the network
and re-install linux from scratch....
Regards,
Vinu.
On Friday 14 September 2001 10:07 am, [EMAIL PROTECTED] wrote:
> Dear friends.
>
> I think my server has been hacked. [Redhat 6.2]. While logged on to the
> server thru telnet, some time my password is flashed on the terminal /
> telnet screen or email address of the last mail which I send is shown in
> the command prompt. other wise all the other services are working normally
> [Sendmail/httpd/dns/ftp etc]. Telnet is allowed only for the local staff on
> local network. from outside only ssh,ftp,smtp,dns is allowed. Can u pls
> tell me which files/script I should check. How do I check if the fil has
> been altered. date and time stamp of login, bash have not been changed. Pls
> help me come out of this problem
>
> regards
>
> -- RR
>
> _______________________________________________
> linux-india-help mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/linux-india-help
_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
