Can You Interpret This Hacker's Script?

Mike Lovell mike at dev-zero.net
Thu Oct 1 12:29:08 MDT 2009


Stuart Jansen wrote:
> On Thu, 2009-10-01 at 12:21 -0600, Kimball Larsen wrote:
>   
>> I also ran chkrootkit and rkhunter - both came back clean, so I don't  
>> think the box has been p0wn3d.
>>     
>
> As always, you have to ask yourself how lucky you feel. While this might
> appear to be clumsy and failed attack, what you've found so far could
> just be a diversion.
>
> The old advice "the only way to be sure is to reinstall" still applies.
> If this is a personal server, it might not be worth it. If this box is
> on a privileged part of your work network, or has sensitive data, it's
> definitely worth being sure. 
>
>   
i would at least go through and change passwords if you decide to not 
re-install.

mike



More information about the PLUG mailing list