[plug] Compromised

[Oliver White]

Bernard Blackham wrote:

> Hmmm, pull the network card on it? or the modem? if that's plausable.

Hehe, then I wouldn't be able to get your helpful emails. :-)

> How's you're firewall?

I have none.

> Change root password. If they're logged in as a shell, type w to see who
> exactly is logged on. It should give you something like (this is from
> mine):
>

No problem there.

> As to see what they've done, perhaps browse through the .bash_history file
> in /root/ if it's there. Anything more advanced is out of my league,
> unless you have tripwire or something similar installed.

Again... nothing.

> Hope this helps,

It certainly does. This really is quite surreal....

nmap shows nothing nasty open...
syslog has nothing nasty in it...

But 3 times tonight my IRC client has 'ghost typed' <cyanide> I hope you fall
in a big pit

Now while this is normal conversation for me, granted, I'm almost certain I
didn't type it, unless I've got some rather odd mental problem. (entirely
possible)

Anyway... all very odd.

Gnite.

--
Oliver White