This is a bit off-topic.

"Raymond A. Ingles" wrote:
> On Sat, 13 Mar 1999, Don Erickson wrote:
>
> > Somebody (through jhb60.jaring.my) wandered into my system, set up a user
> > account for themselves and set up a couple of programs, eggdrop and smurf.
> The address seems to indicate that the intruder originates from Malaysia.
>
> Typically this is done by "script kiddies" who aren't particularly good
> computer users, but they take scripts written by other people and use them
> to break into systems.
>
> Then they typically use a "rootkit" to get root access and replace files,
> just as you've seen. "ls" is usually the first one they hack. They
> also replace system demons and so forth; probably there are now
> several backdoors into your system that don't use passwords at all. Check
> out www.rootshell.com, they have plenty of info and rootkits. They also
> have some information on securing your system.
>
> At this point, you can't trust your system. You *might* be able to
> restore from your last complete backup, if you are *sure* you know when
> you were cracked. More likely, you'll have to save what data files you can
> and then reinstall from trusted media, like a CD-ROM. Obviously, don't do
> this while your machine is hooked to the net. Examine carefully any other
> machines yours is hooked up to, e.g. by Ethernet.
>
> Don't put your system back on the net until you are reasonably confident
> you've closed the more common holes. Sorry, it sucks but that's the only
> way to be sure. If you want some revenge, you can try reporting to the
> sysadmins of the originating system, if you can actually identify it. :-/

You may want to reconsider this "revenge". In Malaysia, there is this
legislation (Computer Crimes Act 1997) which I consider absolutely draconian
and the intruder if convicted is liable to either a fine (< RM50,000) or to
imprisonment (< 5 years) or to both. Alternatively, the intruder could also
be charged under a different section in the same Act which carries a heavier
penalty.