Successful SSH Attack - Need help cleaning up

Ryan Simpkins plug at ryansimpkins.com
Fri Oct 27 18:32:32 MDT 2006


On Fri, October 27, 2006 15:00, Daniel wrote:
> I have people accessing this server who don't know much about computers and
> get freaked out when some thing changes.  Will they notice something has
> changed when they use it the first time after the reinstall?


As has been suggested by others: Reinstall. Reinstall. Reinstall.

Secondly, and to back up a bit, how do you know that it was via SSH they gained
access? Is SSH the only service running on your system?

Did they infiltrate your system using another method, and then gain escalated access
via SSH? If so - reinstalling and changing SSH ports won't slow them down much.

Just my $.02.
-Ryan



More information about the PLUG mailing list