[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: FC9 Compromised...



On Fri, Feb 27, 2009 at 12:49 PM, Jack Lauman <jlauman nwcascades com> wrote:
> On Feb 25, between 1753-2046 PST several of my Fedora Core 9 machines were
> compromised. All had the latest patches applied.

At this point I would not trust any system binaries such as commands or
executable programs you don't recognize.
You could try booting with a LiveCD and use find to expose files created
recently. Most likely there is a binary somewhere in /usr/bin or /usr/sbin
with the sole task of deleting certain files to cover things up.
<snip>

> Any help on resolving this would be appreciated.  I need to get data off
> these before re-installation.

It would be informative for yourself to find out *how* the break in occurred.
You'll need to know how to prevent it once you reinstall.


~af


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]