Re: [CentOS] Compromised

2008-09-10 Thread Josh Donovan
--- On Wed, 10/9/08, Miark [EMAIL PROTECTED] wrote:

> From: Miark [EMAIL PROTECTED]
> Subject: [CentOS] Compromised
> To: centos@centos.org
> Date: Wednesday, 10 September, 2008, 3:24 AM
>
> My wife's office server was compromised today. It appears they ssh'ed in through account pcguest which was set

[CentOS] Compromised

2008-09-09 Thread Miark
My wife's office server was compromised today. It appears they ssh'ed in through account pcguest which was set up for Samba. (I don't remember setting up that account, but maybe I did.) At any rate, I found a bazillion ftp_scanner processes running. A killall finished them off quickly, I nuked the

[CentOS] Compromised

2008-09-09 Thread R P Herrold
On Tue, 9 Sep 2008, Miark wrote:

> My wife's office server was compromised today. It appears they ssh'ed in through

ehh? exposed to the public internet? oh my ;)

> account pcguest which was set up for Samba. (I don't remember setting up that account, but maybe I did.)

ssh will of course

Re: [CentOS] Compromised

2008-09-09 Thread Jason Sutherland
Yeah, pull the network plug first. Then boot up with a Knoppix CD to back up your data and/or image the disk, then reload. I'm sure you could do a full audit of the system but reloading is likely much quicker. A word to the wise on the account pcguest, if it was one you created, set the shell