I think I've found a compromised user account. This is on Debian but alien is installed. The attackers have not made a move yet, but have done some tests and kept their connections to scp/sftp to be unnoticed by last.
There is a directory .rpmdb uploaded to their home directory. How could this be used to set up their software? I mean, is there a special angle they are aiming at which achieves a result they would not have realized by only using make on their sources? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CA+AKB6HHMEU1Wh8JpC7mxM0Y2WGJjTudNhdNVEro8R=jjir...@mail.gmail.com
