Richard Scott McNew wrote:
> > I've had two Linux boxes compromised before. On the first, which was
> > connected to the Internet via a modem (!), the shell started behaving
> > strangely. I don't remember what it did exactly, but the root kit that
> > hit the machine replaced some executables without noticing that the
> > replacements linked with the wrong libraries. Duh. Then I not only
> > wiped the machine, I switched distributions.
>
> Shane: What distros were you using that were compromised?

Caldera Open Linux and Mandrake. I blame myself for the first one,
since I was lax with updates, but Mandrake surprised me. In the first
case, they got in through an Apache vulnerability involving long request
lines. The Mandrake break-in was pretty clean and I couldn't figure out
exactly how they got in.
Shane