Can't reboot, shutdown, or init 3
Arthur Pemberton
dalive at flashmail.com
Sun Apr 3 18:09:47 UTC 2005
Kevin wrote:
>Sorry to be a pain Arthur, but I was wondering if you
>were running iptables, firestarter etc', what your
>rules were (generally), and what servers you ran, ie
>smb/mysql/httpd/php/telnet et al.
>
>I lost 160gigs of data a few weeks ago and have just
>finished recovering it, that's why I'm starting to
>worry again :(
>
>Regards.......Kev.
>
>--- Arthur Pemberton <dalive at flashmail.com> wrote:
>
>
>>Kevin wrote:
>>
>>
>>
>>>I would be very interested to know how they got in,
>>>
>>>
>>if
>>
>>
>>>you find out please let us know. Some of us might
>>>
>>>
>>be
>>
>>
>>>able to sleep a little easier :)
>>>
>>>
>>>
>>>
>>Will do. I don't want to spend too much time cring
>>over spill milk, so I
>>think I'll just copy /var/log to my desktop and
>>analyze them there. I
>>don't think I should go into much forensics on this.
>>Had the box been
>>more hardened and they still gotten in, then I would
>>be more paranoid.
>>
>>I intend to make the box ALOT harder next time. I
>>shouls start recovery
>>by 1300 hrs. EST
>>
>>
>>
>>>
>>>
>>>
>>>
>>>
>>>>Yah, thanks. I've already found out the name of
>>>>
>>>>
>>the
>>
>>
>>>>rootkit. I jsut need
>>>>to find out how it got in.
>>>>
>>>>
>>>>
>>>>
>>>Find local movie times and trailers on Yahoo!
>>>
>>>
>>Movies.
>>
>>
>>>http://au.movies.yahoo.com
>>>
>>>
>>>
>>>
>>>
>>--
>>fedora-list mailing list
>>fedora-list at redhat.com
>>To unsubscribe:
>>http://www.redhat.com/mailman/listinfo/fedora-list
>>
>>
>>
>
>Find local movie times and trailers on Yahoo! Movies.
>http://au.movies.yahoo.com
>
>
>
How about i do a writeup on the whole incident, and post a link to a
page on my site, once i get it back up, it too was a victim.
So if there's any other info you'd like me to prodive i'll do so willingly.
Peace
More information about the fedora-list
mailing list