On Fri, 16 May 2008 22:43:07 +0200 "Eric A. Bonney" <[EMAIL PROTECTED]> wrote:
>I have noticed that directories and files are just disappearing for
>no reason at all. (..) About 15 minutes into doing this the /home/eric/Downloads
>directory and all the files left in it, just disappeared.
You do not mention your retrieval method so it could well be 
something like a connection going bad, but until you unearth facts 
that's just speculation. Talking about tagging activity as 
malicious, from an M.O. point of view, you will seldom see a skilled 
"cracker" delete things in a way for you to notice because that 
would give away her presence.


>So I started going through my logs etc, and I noticed that back on
>the 14th I had a number of attempts to get into my system via ssh from
>two different ip addresses. (..) The server is Debian Etch 4.0 with all
>the security updates installed.
The time of the probes kind of coincides with the DSA's that went 
out on the 13th about OpenSSH and OpenSSL. You are aware of those, 
right?


>I think I am going to do a clean install over the weekend, 
A clean install could temporarily alleviate the problem but might 
only address the symptoms and not the cause. It will also wipe any 
details to investigate, so I suggest you do that first. The 
Intruder Detection Checklist (CERT): 
http://www.cert.org/tech_tips/intruder_detection_checklist.html 
might help guide you.

Good luck.


Best regards, unSpawn
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users