[plug] Fw: I am so sorry!Your hosts was hacked!

Anthony J. Breeds-Taurima tony at cantech.net.au
Sat Apr 7 08:40:51 WST 2001


On Fri, 6 Apr 2001, Linux wrote:

> Hi all I have just received this most polite email and have verified its
> correctness
> I have also followed the instructions.
> I thought that I had the latest version of bind 8.2.2-P3

As of 29/1/2001 the latest version of bind available from Red Hat was
8.2.3. You can get it from
	http://www.redhat.com/support/errata/RHSA-2001-007.html

Also you may like to look at:
	http://www.redhat.com/support/alerts/Adore_worm.html

Unless I'm confused, what the worm didn't tell you is that your user information
has been emailed to a site in China and will be run through server (I guess)
dictionary attacks to try and gain access to the machine (and any others that
you administer [where you've used the same credentials]).

I'm sure other people on this list are more qualified to help you locate the
backdoor if it exists.  I'd be tempted to backup my data and rebuild the
system from scratch.

You really should keep up to date with the security RPMs from Red Hat.
The link above should be checked religiously if you are not on the announce
mailing list.


Good luck.



Yours Tony.

/*
 * "The significant problems we face cannot be solved at the
 * same level of thinking we were at when we created them."
 * --Albert Einstein
 */



