FC9 Compromised...

Michael Schwendt mschwendt at gmail.com
Sat Feb 28 08:39:18 UTC 2009


On Fri, 27 Feb 2009 13:32:11 -0800, Jack wrote:

> Disagree, if anyone used the root password they had to know what it 
> was... 27 characters
> 
> It's probable that they got in through a pop3 account on one machine.

On "one machine", but what about the other machines?
Did they use the same root pw?
If not, what services did the machines have in common?

> No rootkits found, no trojans or viruses found.

chkrootkit and rkhunter may not be sufficient when analyzing the
systems. Preferably examine the filesystem read-only mounted, and
also do RPM database verification with an external RPM.
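
Added example, not part of the original message: a shell filter that ranks the output of the RPM verification step suggested above. It assumes `rpm -Va` was run by the rescue system's rpm against the read-only mount; the mount point `/mnt/suspect`, the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Input is `rpm -Va` output produced by a trusted rpm binary (rescue media)
# against the suspect root mounted read-only, for example:
#   mount -o ro,noexec,nodev,nosuid <suspect-partition> /mnt/suspect
#   rpm --root /mnt/suspect -Va > verify.txt
# The RPM database still comes from the suspect disk, so a clean result here is
# not proof of integrity; this only ranks what rpm does report.

# Print the verify lines worth a closer look:
#   HIGH   file missing, or digest (5) differs on a non-config file
#   MEDIUM mode/user/group (M, U, G) differs on a non-config file
# Changed config (c), doc (d) and ghost (g) files are skipped as expected noise.
rpm_verify_triage() {
    awk '
    {
        flags = $1
        rest = $0
        sub(/^ *[^ ]+ +/, "", rest)             # drop the flag field
        attr = ""
        if (rest ~ /^[cdglr] +\//) {            # optional file-type marker
            attr = substr(rest, 1, 1)
            sub(/^[cdglr] +/, "", rest)
        }
        path = rest                             # keeps paths containing spaces
        if (flags == "missing") { print "HIGH missing " path; next }
        # Flag field is 8 characters in older rpm, 9 in newer; skip other lines.
        if (length(flags) < 8 || length(flags) > 9) next
        if (flags !~ /^[SM5DLUGTP.?]+$/) next
        if (attr == "c" || attr == "d" || attr == "g") next
        if (index(flags, "5")) { print "HIGH digest " path; next }
        if (flags ~ /[MUG]/)   { print "MEDIUM perms " path }
    }'
}

# Constructed sample output (not taken from the systems in this thread).
sample_verify_output() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /usr/sbin/sshd
.M.......    /bin/ps
missing     /usr/bin/lsof
.......T.  d /usr/share/doc/foo/README
..5....T     /bin/netstat
EOF
}

if [ -n "${1:-}" ]; then rpm_verify_triage < "$1"; else sample_verify_output | rpm_verify_triage; fi
```

Files reported as HIGH are candidates for comparison against the same package version fetched from a known-good mirror.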



