Hi all,
My server RH 7.0 (soon upgrading to 8) has been again hacked vi ftp . It has been twice and the process is same. They login via ftp (anonymous) user. Chkrootkit program shows ifconfig, ls, netstat, ps, syslogd, tcpd, top, rexedcs infected. Using 'last |grep connected' command, I found 2 users still connected with username ftp from ip 210.90.225.193 and 202.56.215.25. I can still ping these ips. How can I inform the system administrator of respective ips?
Regards Nabin Limbu
You might want to try RIPE[0].
Sincerely,
Alex
[0]: Google is your friend, but in case it isn't, http://www.ripe.net/db/whois/whois.html
P.S. Also, might want to check out LACNIC and ARIN as well.
-- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
