Hello On Wed, Aug 06, 2003 at 04:01:39PM +0200, Thijs Welman wrote: > I'm puzzled about how they managed to get those processes running (as > root). There are no local accounts, other than some accounts for the > sysadmins. Does anyone have any idea how they might have done this? Most times, servers are not cracked by somebody "logging in" and get root permissions somehow but by somebody who convinces a running network daemon like a web, database or mail server via means of buffer overflows etc to execute arbitrary code instructions. This code will then e.g. write a shell script and executes it or spanws a shell. You will never see an atacker in your "last" log :-)
Try "nmap" to see which services are reachable from the network. bye, -christian-
