On Mon, Oct 03, 2005 at 08:55:03AM +0200, Andreas Janssen wrote:
> Hello
>
> Jared Hall (<[EMAIL PROTECTED]>) wrote:
>
> > It looks like I am being rooted right now. How do I toss this guy off
> > of my system? He has an IP address of 210.95.212.131
> >
> > Please get back to me fast. I took the compilers off of the system,
> > and it's only running dns... so there's no firewall or anything. I
> > can't shut down ssh because that's my only connection to the system.
>
> Make an image of the hard disk if you can to find out how that guy came
> in, and reinstall. You don't know what he changes on your system, so
> there is hardly a way to safely revert everything he did.

Seconded. If they've got access to your system, you've lost. It would be
irresponsible as a netizen to leave the machine connected to the Internet.
The disk image would be purely for your own convenience to see how s/he got
in and learn how to prevent it in future. If it's too much work to create
one, you'll just have to write it off.

-- 
Jon Dowland
http://jon.dowland.name/
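
The imaging step advised in this thread, as an added example that is not part of the original messages: copy the disk in a single pass, hash the bytes as they are read, and confirm the stored image matches before relying on it. The function names `acquire_image` and `verify_image` are hypothetical, and the sketch assumes GNU `sha256sum` and a destination on separate storage, not on the compromised disk.

```shell
#!/bin/sh
# Added example (hypothetical helper names); not code from the thread.

# acquire_image SRC DEST
#   SRC  - block device (e.g. /dev/sda) or file to preserve
#   DEST - image path on separate storage (assumption)
# Prints the SHA-256 of the image; returns non-zero on any failure.
acquire_image() {
    src=$1; dest=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    if [ -e "$dest" ]; then
        echo "refusing to overwrite existing evidence: $dest" >&2
        return 2
    fi

    # One pass over the source: tee writes the image while sha256sum hashes
    # the same byte stream. dd's transfer statistics are kept as a log.
    stream_hash=$(dd if="$src" bs=1048576 2>"$dest.log" \
                  | tee "$dest" | sha256sum | cut -d' ' -f1)

    # Re-read what actually landed on the evidence storage and compare.
    image_hash=$(sha256sum < "$dest" | cut -d' ' -f1)
    if [ "$stream_hash" != "$image_hash" ]; then
        echo "hash mismatch: image is not a faithful copy" >&2
        return 1
    fi

    # Record the hash next to the image and make both read-only.
    printf '%s  %s\n' "$image_hash" "$(basename "$dest")" > "$dest.sha256"
    chmod a-w "$dest" "$dest.sha256"
    echo "$image_hash"
}

# verify_image DEST: later, confirm the image still matches its recorded hash.
verify_image() {
    ( cd "$(dirname "$1")" && \
      sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# Run only when called as: script SRC DEST
if [ "$#" -eq 2 ]; then
    acquire_image "$1" "$2"
fi
```

Because nothing on the compromised host can be trusted, run this from rescue media with the disk attached read-only, and do the analysis on a copy of the image.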