That's quite an assertion. How can I confirm it HAS been compromised, as opposed to thinking it's a possibility?
On Thu, Jan 27, 2011 at 9:44 AM, Henrique de Moraes Holschuh <h...@debian.org> wrote:

> On Tue, 25 Jan 2011, will trillich wrote:
> > In kern.log there's only
> > Jan 23 23:04:59 darth kernel: [64084756.601774] exploit[25161]: segfault at 10c00b ip 00000000 sp deadc01d error 6
> > Jan 23 23:05:08 darth kernel: [64084765.528734] NET: Registered protocol family 5
>
> There is no mystery. Your system has been compromised. Get post-mortem
> backups done for forensic purposes, wipe the box, and proceed to a full
> reinstall.
>
> Kindly don't leave that thing connected to the network for now, as it is
> likely being used as a botnet C&C node, or as an attack platform.
>
> Based on the uptime and "debian_version" data you provided, whomever
> takes care of that system has been very negligent with security updates.
> It is no wonder it got rooted. Let that be a lesson for the future.
>
> --
> "One disk to rule them all, One disk to find them. One disk to bring
> them all and in the darkness grind them. In the Land of Redmond
> where the shadows lie." -- The Silicon Valley Tarot
> Henrique Holschuh
> --

--
will trillich -- http://faq.serensoft.com/
"The truth is that many people set rules to keep from making decisions." -- Mike Krzyzewski
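An added example, not part of the thread and not either poster's code: a small triage pass over kern.log that pulls the fields out of `segfault` lines like the one quoted above and notes what is unusual about them. The 60-second correlation window, the alignment check and the `apache2` contrast line are assumptions made for illustration; a flag marks a line worth investigating and does not by itself confirm a compromise.

```python
import re

# Constructed sample: the two kern.log lines quoted in the thread, plus one
# made-up ordinary crash (apache2) for contrast.
SAMPLE = """\
Jan 23 23:04:59 darth kernel: [64084756.601774] exploit[25161]: segfault at 10c00b ip 00000000 sp deadc01d error 6
Jan 23 23:05:08 darth kernel: [64084765.528734] NET: Registered protocol family 5
Jan 24 02:11:40 darth kernel: [64095957.100000] apache2[3121]: segfault at 8 ip b7c3f2a1 sp bf9a1c40 error 4
"""

SEGV = re.compile(r"\[\s*(?P<ts>\d+\.\d+)\] (?P<comm>[^\[\]]+)\[(?P<pid>\d+)\]: segfault at "
                  r"(?P<addr>[0-9a-f]+) ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+)")
NETFAM = re.compile(r"\[\s*(?P<ts>\d+\.\d+)\] NET: Registered protocol family (?P<fam>\d+)")

def triage(text, window=60.0):
    """Return one finding per segfault line, with the heuristic flags it raised."""
    lines = text.splitlines()
    # Protocol-family registrations (kernel network module loads) with their timestamps.
    loads = [(float(m["ts"]), int(m["fam"])) for m in map(NETFAM.search, lines) if m]
    findings = []
    for m in filter(None, map(SEGV.search, lines)):
        ts, ip, sp = float(m["ts"]), int(m["ip"], 16), int(m["sp"], 16)
        flags = []
        if ip == 0:
            # Instruction pointer 0: the process called or returned through a NULL pointer.
            flags.append("ip=0: execution jumped through a NULL pointer")
        if sp % 4:
            # Compiler-maintained x86 stacks stay word-aligned; a misaligned sp was set by hand.
            flags.append("sp=%08x is not word-aligned" % sp)
        for lts, fam in loads:
            if abs(lts - ts) <= window:
                flags.append("protocol family %d registered %.1fs from crash" % (fam, lts - ts))
        findings.append({"comm": m["comm"], "pid": int(m["pid"]), "flags": flags})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["comm"], f["pid"], f["flags"] or "no flags")
```
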