
RE: slave DNS ... Updated .. compromised system



> I just found out my system that was having problems updating was
> compromised. I tried rebooting today and got this error message:
>
<snip>
> With some digging, I found 4 accounts that I did not create, and one of
> them had a .sk file, and a file with the usernames and groups that were
> added. With some digging I found some info on the web about some kind of
> admin resource kit that allows you to do this.
>
> The machine still seems to work fine, the only place I received this
> error was when trying to reboot. Reboot, shutdown -r now, and any init
> commands produce this error.
>
> Before I reinstall, does anyone know what I can do to fix this?

Reinstall. Sorry, but you cannot have any idea about how far into the
system the perp went or what they did while there.

After reinstall, change all passwords that have any shell access, and use
an IDS in layers. Unless you do that, you are never sure about your
system.

Sorry. Good luck with it.

-- 
Keith Mastin
BeechTree Information Technology Services Inc.
Toronto, Canada
(416)696 6070




