Somebody (through jhb60.jaring.my) wandered into my system, set up a user account for themselves and set up a couple of programs, eggdrop and smurf. I've not been using encrypted passwords, I understand that there are ways to derive the "salt" that the passwd file uses?
Anyway, this person hid a few files in some interesting places and even replaced my syslogd. Now, when I say "hid a few files", there are files that simply don't show up by ls. You can manipulate them but you can't see them unless you ls the entire path. For example, $ ls /usr/lib/fms returns /usr/lib/fms but $ cd /usr/lib;ls fms returns nothing. I have no idea how many files or directories might be hidden this way, nor how I can find out. I've obviously changed passwords and disabled everything "foreign" that I can find, any suggestions as to what I should be doing about this? Any help appreciated. -Don Erickson -- .sig lite
