Can't reboot, shutdown, or init 3 [I've been root-kitted, please advise]
Arthur Pemberton
dalive at flashmail.com
Sun Apr 3 12:19:50 UTC 2005
Scot L. Harris wrote:
>On Sat, 2005-04-02 at 23:20, Arthur Pemberton wrote:
>
>
>
>>Looks like I've been root kitted :(
>>
>>My googling turned up this, which shows a case of my symptoms.
>>
>>:(
>>
>>How do I recover from this?
>>
>>
>
>Bare metal re-install is the only real thing to do. I hope you had
>backups of your important data from a time before the suspected root kit
>was installed.
>
>Any idea on how they got in? phpnuke on the system?
>
>
>
I'm downloading Knoppix now so I can recover my maildirs. Most other stuff
should be up-to-date enough from my last install. I can't be 100% sure
that I was not compromised since my last backup. But I only really back up
text files (configs, mail, webpages, scripts, sql dumps). I don't think
I had phpnuke installed. I had PhpBB installed. But I disabled it since
I heard of the security prob in it a while back.
The only sign I had time to find was that vsftpd's log file was missing.
It's been a while now that attempts have been made to get in via ssh and
guessing login username/passwords, but those attempts seemed to be just
bots, and were never even close. I guess when I mount the partition ro
I'll take a quick look at the logs.