[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: FC9 Compromised...



On Fri, 27 Feb 2009 13:32:11 -0800, Jack wrote:

> Disagree, if anyone used the root password they had to know what it 
> was... 27 characters
> 
> It's probable that they got in through a pop3 account on one machine.

On "one machine", but what about the other machines?
Did they use the same root pw?
If not, what services did the machines have in common?

> No rootkits found, no trojans or viruses found.

chkrootkit and rkhunter may not be sufficient when analyzing the
systems. Preferably examine the filesystem read-only mounted, and
also do RPM database verification with an external RPM.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]