On Tuesday 10 May 2005 09:41 pm, Leonard Isham wrote: > On 5/10/05, roland brouwers <roland@xxxxxx> wrote: > > Hello everyone, > > > > Panic... > > > > I noticed accepted passwords for different users, such as root, myself > > and another one, coming from outside:::ffff:213.219.168.50 > > > > How is that possible? > > Can I detect somehow what he/she did? > > > > In the mean time I changed passwords. > Changing passwords now does nothing. > The only way to guarantee that the system is not longer compromised is > to reload the OS. > I'll have to agree. > -- > Leonard Isham, CISSP > Ostendo non ostento. The only issue would be data and files needed and irreplaceable S.A. work files, letters, journals, etc., but, no executables bin, script, config files, etc. All these may well have been downloaded by the cracker. Scan them before and after removal (put them on a cdrom, tape, or the like mass storage unit. Reload them only as needed and as you can verify their cleanness. It would be better if you could declare the system a total loss. -- John H Ludwig Common sense is so rare, why do they call it common!!!
