Hi!
I think one of my machines got hacked, but I can figure out from where...
I found some suspicious files in /bin and /usr/bin directories that are owned
by user id 122, where this machine doesn't have a userid 122.
So, does anyone have a CentOS 3.9 install around that can send me the info
about

Nicolas Ross wrote:
Hi!
I think one of my machines got hacked, but I can figure out from where...
I found some suspicious files in /bin and /usr/bin directories that are owned
by user id 122, where this machine doesn't have a userid 122.
So, does anyone have a CentOS 3.9 install around that can

On Feb 7, 2011, at 10:14 AM, m.r...@5-cent.us wrote:
Nicolas Ross wrote:
Hi!
I think one of my machines got hacked, but I can figure out from where...
I found some suspicious files in /bin and /usr/bin directories that are owned
by user id 122, where this machine doesn't have a userid 122.
I think one of my machines got hacked, but I can figure out from where...
I found some suspicious files in /bin and /usr/bin directories that are owned
by user id 122, where this machine doesn't have a userid 122.
So, does anyone have a CentOS 3.9 install around that can send me the info
One

On 02/07/11 10:06 AM, Nicolas Ross wrote:
So, does anyone have a CentOS 3.9 install around that can send me the info
about (filesize, md5, modification date) these files:
is that a 3.9 install that never got any updates afterwards? is that
x86_64 or i686? etc etc.
that data is pretty

On 02/07/11 10:06 AM, Nicolas Ross wrote:
I found some suspicious files in /bin and /usr/bin directories that are owned
by user id 122, where this machine doesn't have a userid 122.
oh. get and run rkhunter. preferably do it on read only media via
another system.

John R Pierce wrote:
On 02/07/11 10:06 AM, Nicolas Ross wrote:
So, does anyone have a CentOS 3.9 install around that can send me the
info about (filesize, md5, modification date) these files:
is that a 3.9 install that never got any updates afterwards? is that
x86_64 or i686? etc etc.

2011/2/7 Nicolas Ross rossnick-li...@cybercat.ca
md5sum has been tampered with also... It returns those expected values, but
an md5sum program I took elsewhere was returning another value...
not all md5sum programs are the same, check several programs before deciding
what's next.

On Mon, Feb 07, 2011 at 01:06:56PM -0500, Nicolas Ross wrote:
Hi!
I think one of my machines got hacked, but I can figure out from where...
I found some suspicious files in /bin and /usr/bin directories that are owned
by user id 122, where this machine doesn't have a userid 122.
So, does

On 02/07/11 10:06 AM, Nicolas Ross wrote:
I found some suspicious files in /bin and /usr/bin directories that are owned
by user id 122, where this machine doesn't have a userid 122.
oh. get and run rkhunter. preferably do it on read only media via
another system.
Ok, good tool, and good

On Monday, February 07, 2011 10:21:18 am Nicolas Ross wrote:
md5sum has been tampered with also... It returns those expected values, but
an md5sum program I took elsewhere was returning another value...
Once you've been hacked, you can't trust the core utilities
(ls/md5sum/cd/etc). You can't

On Mon, 2011-02-07 at 15:27 -0800, Benjamin Smith wrote:
A) Determine just how far they got in (did they get access to other systems?)
All the bad stuff only resided in Volatile Memory and you Erased it when
you shut down the machine and forgot to copy the Memory.
:-)
John

Nicolas,
I agree with John. rkhunter is your friend!
I set up all my servers to run nightly with weekly updates.
Peace,
Allan

John R Pierce wrote:
On 02/07/11 10:06 AM, Nicolas Ross wrote:
I found some suspicious files in /bin and /usr/bin directories that are owned
by user id 122, where this