[SunHELP] Tracking Hacker ?
Peter Cheyne
sunhelp at sunhelp.org
Tue May 1 03:38:04 CDT 2001
nice one ;-)
--
Peter Cheyne
UNIX System Administrator
----- Original Message -----
From: Jeff Feller <jeff at bitz.net>
Date: Wednesday, April 25, 2001 3:55 am
Subject: [SunHELP] Tracking Hacker ?
> Hello Sun Admins,
>
> I logged into my SPARCstation 5 tonight (which runs Solaris 8) and a
> message of "you been hacked" was on my screen. Someone somehow gained
> root access and put that in my /etc/motd file. I noticed it was last
> modified APRIL 24 at "18:52" so I did a last -10 to see who had been on.
> Apparently they covered up their tracks because it only showed MY
> logins and NO logins around the time this happened. The only other guy
> who has root access to this system is on his way home from Denver, CO
> and has NO ACCESS to the net right now.
>
> Which steps can be taken to find out who had done this or at least how
> they got in?
>
> None of my log files in /var/log have any clue.. /vahave had
> something but everything was removed from the time it happened and
> before.
>
> ANY IDEAS that can help me are **GREATLY** appreciated. After this had
> happened, I also checked my inetd.conf and probably should have shut
> down basically ALL ports beforehand because the only access anyone
> needs to this is RARELY ftp and mostly ssh. Thank you!
>
>
>
> Jeff Feller
>
> _______________________________________________
> SunHELP maillist - SunHELP at sunhelp.org
> http://www.sunhelp.org/mailman/listinfo/sunhelp
>