Scot L. Harris wrote:
I'm downloading Knoppix now so I can recover my maildirs. Most other stuff should be up-to-date enough from my last install. I can't be 100% sure that I was not compromised since my last backup. But I only really back up text files (configs, mail, webpages, scripts, sql dumps). I don't think I had phpnuke installed. I had PhpBB installed. But I disabled it since I heard of the security prob in it awhile back.
On Sat, 2005-04-02 at 23:20, Arthur Pemberton wrote:
Looks like I've been root kitted :(
My googling turned up this, which shows a case of my symptoms.
:(
How do I recover from this?
Bare metal re-install is the only real thing to do. I hope you had backups of your important data from a time before the suspected root kit was installed.
Any idea on how they got in? phpnuke on the system?
The only sign I had time to find was that vsftpd's log file was missing. It's been a while now that attempts have been made to get in via ssh and guessing login username/passwords, but those attempts seemed to be just bots, and were never even close. I guess when I mount the partition ro I'll take a quick look at the logs.