Can You Interpret This Hacker's Script?
sjansen at buscaluz.org
Thu Oct 1 12:24:07 MDT 2009
On Thu, 2009-10-01 at 12:21 -0600, Kimball Larsen wrote:
> I also ran chkrootkit and rkhunter - both came back clean, so I don't
> think the box has been p0wn3d.
As always, you have to ask yourself how lucky you feel. While this might
appear to be clumsy and failed attack, what you've found so far could
just be a diversion.
The old advice "the only way to be sure is to reinstall" still applies.
If this is a personal server, it might not be worth it. If this box is
on a privileged part of your work network, or has sensitive data, it's
definitely worth being sure.
"XML is like violence: if it doesn't solve your problem, you aren't
using enough of it." - Chris Maden
More information about the PLUG