On Fri, 16 May 2008 22:43:07 +0200 "Eric A. Bonney" <[EMAIL PROTECTED]> wrote: >I have noticed that directories and files are just disappearing for >no reason at all. (..) About 15 minutes into doing this the /home/eric/Downloads >directory and all the files left in it, just disappeared. You do not mention your retrieval method so it could well be something like a connection going bad, but until you unearth facts that's just speculation. Talking about tagging activity as malicious, from a M.O. point of view, you will seldom see a skilled "cracker" delete things in a way for you to notice because that would give away here presence.
>So I started going through my logs etc, and I noticed that back on >the 14th I had a number of attempts to get into my system via ssh from >two different ip addresses. (..) The server is Debian Etch 4.0 with all > the security updates installed. The time of the probes kind of coincides with the DSA's that went out on the 13th about OpenSSH and OpenSSL. You are aware of those, right? >I think I am going to do a clean install over the weekend, A clean install could temporarily alleviate the problem but might only address the symptoms and not the cause. It will also wipe any details to investigate, so I suggest you do that first. The Intruder Detection Checklist (CERT): http://www.cert.org/tech_tips/intruder_detection_checklist.html might help guide you. Good luck. Best regards, unSpawn --- -- Flexible Medical Administration programs. Click to start advancing your career. http://tagline.hushmail.com/fc/Ioyw6h4fOHYT67jEVLEwwB1OAXXWrxcjt5n2bSbDPSVirlRA56AfT6/ ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
