Results 21 to 23 of 23
sure, but if the date resembles the date when the problems (or notice) startted...
it sure isn't foolproof, but it can help you.
if you didn't updated in a couple ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 07-29-2005 #21Linux Newbie
- Join Date
- Jul 2005
- Location
- ~/home
- Posts
- 105
sure, but if the date resembles the date when the problems (or notice) startted...
it sure isn't foolproof, but it can help you.
if you didn't updated in a couple of weeks, and the date is from yesterday...
a bell should rinkle
- 08-04-2005 #22Just Joined!
- Join Date
- Dec 2004
- Posts
- 22
Something else you can look at to double check….
Try looking at your log files, are you missing chuncks of time in logs that should have concurrent entries everyday? This is one good sign that you have been ‘hacked’. Another good way to test is monitor your traffic in and out of that server using a program I found a while back called ‘iftop’. It’s a great tool for watching port connections etc on the machine.
Everyone in here is correct on what you should do. However an OS Realod of your system is probably the best way to completely clean your system out. There is no telling what the malicious user has placed on your system. There could be ‘time-bombs’ on the sysetm, that you “think” you’ve cleaned the system but the executbles will open another backdoor, if any, and gain root access again.
Secure your directories next time, harden the machine and keep those punks out.
- 08-07-2005 #23Linux Newbie
- Join Date
- Jan 2004
- Location
- Belgrade, S&M
- Posts
- 177
If you want to be absolutely shure about leaving no backdoors you have to reinstall. However, if you can sleep at night knowing you only replaced the bad files i guess it is ok too
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
