[plug] The Community's gone Crackers

Colin Rothnie colinr at tiwest.com.au
Tue Aug 22 15:53:55 WST 2000


Ben
If you have installed a RedHat or similar RPM based system, and assuming you
can still log on to your own machine, you should check the output of the
'rpm -Va' command to see which files have changed since the original
installation (see the rpm man page for details of the -V option).  Pay
special attention to any files in /sbin or /usr/sbin that are different to
the RPM version.  

If you really have trojans installed, then I suggest salvaging what data and
configuration settings you can from the installation and reformatting the
disk.

If you can't log in to the machine, then create a rescue disk (try Tom's root
boot floppy distribution if you don't have anything) and mount the hard disk
partitions from that.  If you have another hard disk, then the easiest way
to salvage the situation would be to install afresh onto the other hard
disk, copy the stuff you want from /home and /etc from the old disk and then
reformat it.

When it is back up and running again, investigate firewalls (there are
plenty of ipchains scripts available to download) and turn off every service
you don't need.  If it is Mandrake, then consider using one of their more
"strict" security settings.

If you do nothing, you run the risk that someone is capturing all your
keystrokes and knows all your passwords etc.  As well, your machine could be
used for email attacks and other unsociable Internet activities.

Cheers
Colin Rothnie
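
Added example, not part of Colin's message: a small filter for the 'rpm -Va' check described above, listing non-config files under /sbin and /usr/sbin that fail the digest check or are reported missing. The function names, the triage rule and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Triage `rpm -Va` output for changed system binaries.
# Reads verify output on stdin, prints "REASON<TAB>PATH" for each hit.
# Assumed triage rule (not from the original post): a hit is a non-config
# file under /sbin or /usr/sbin whose digest differs ("5" in the flag
# string) or that is reported missing.
flag_changed_sbin() {
    awk '
    {
        # The path is everything from the first " /" onward.
        p = index($0, " /")
        if (p == 0) next
        path = substr($0, p + 1)
        if (path !~ /^\/(usr\/)?sbin\//) next

        flags = $1
        # Second field is a one-letter file marker when present:
        # c = config file; those change legitimately, so skip them.
        if (NF >= 3 && $2 == "c") next

        if (flags == "missing")  print "MISSING\t" path
        else if (flags ~ /5/)    print "DIGEST\t" path
    }'
}

# Constructed sample output (not from a real system). Both the 8- and
# 9-character flag strings used by different rpm versions are shown.
sample_verify_output() {
    cat <<'EOF'
S.5....T. c /etc/inetd.conf
.......T.   /usr/sbin/crond
S.5....T.   /usr/sbin/in.telnetd
..5....T    /sbin/ifconfig
missing     /sbin/syslogd
S.5....T. c /usr/sbin/example.conf
.M.......   /usr/bin/passwd
EOF
}

# Demonstration run on the constructed sample.
sample_verify_output | flag_changed_sbin
```

Pipe real output through it with `rpm -Va | flag_changed_sbin`; an empty result is not proof of a clean system, since the check trusts the rpm binary and database on the machine being examined.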


