[nSLUG] computer compromised

Renouf, Phillip prenouf at Mobility.com
Thu May 2 10:43:04 ADT 2002


You need to blow this box away and start from scratch. You will never know
if you have gotten all the backdoors, trojans, hacked programs and holes
that this guy used/installed. Start from scratch with an up to date distro
and apply every stinking security related patch you can find. Disable
anything you don't use and go from there.

Phil

> -----Original Message-----
> From: Miller [mailto:millerb at hfx.eastlink.ca] 
> Sent: Wednesday, May 01, 2002 9:45 PM
> To: Nslug (E-mail)
> Subject: [nSLUG] computer compromised
> 
> 
> I was wondering if anyone could help or known of script or 
> program called 
> sshdu I don't think its part of "shadow-utlis" or is it a 
> script to run 
> longside shadow,my intruder was very busy.I have been trying 
> to follow his 
> foot steps and disarm the programs that l find .I would hate 
> to reinstall 
> over them.
> I have followed some of the ip address that were lefted 
> ,should l notify 
> them that they to may have been compromised????????
>                                                           
> Thank Barry  
> 
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca http://nslug.ns.ca/cgi-bin/mailman/listinfo/nslug
> 



More information about the nSLUG mailing list