On Tue, 9 Oct 2001, gabriel wrote:
> k
> i've been going crazy
> i think someone's been hacking into my webserver
> but i don't know how to be sure
>
> typing "last" at the command line returns a list of past logins
> and there's no one on there but me.
> but also on that list is the following line:
>
> reboot system boot 2.4.4-4GB [date] [time] (01:20)
>
> and i didn't reboot my machine at that time.
> my messages.log file is cleared to that date
> ie, i have no entries from before october 9th @ 11:49
> the time this "reboot" happened
>
> does anyone know what's going on?
> any suggestions?
>
> i have the following installed:
> redhat 7.1
> bind 9 (came with 7.1)
> proftpd (downloaded/installed)
> apache 1.3.20 (downloaded/installed)
The messages.log files are rotated. So maybe the older messages
are in messages.log.1.
For one way to check if your machine has been cracked, see
http://www.chkrootkit.org/
--
Steven Yellin
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
