On 9/19/07, Grant <[EMAIL PROTECTED]> wrote:
> > > Last night my host sent out a message that their database had been
> > > compromised.  I contacted them this morning and it turns out that all
> > > of their trouble tickets were exposed.  I checked my records and
> > > (stupidly) I had included my root password in an email to them about a
> > > year ago.  I (stupidly) hadn't changed the password since.  I've
> > > changed it now and rebooted the system, but what do you think?  Do I
> > > need to start this thing over?
> > >
> > > - Grant
> >
> > I think you should take a look at the programs that
> > are running, and netstat -l, and see if anything is fishy.
>
> I recognize everything in 'ps -ef' I think, but I've never really used
> netstat before.  Under "Active Internet connections" I don't
> recognize:
>
> tcp localhost:10030
> tcp *:snpp
>
> I don't recognize most of the paths under UNIX domain sockets.
> Anything particular I should look for?

Try using the -p option to netstat to get the PID of those two
connections and see if it's anything suspicious.


-- 
Ryan W Sims
-- 
[EMAIL PROTECTED] mailing list
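
The check suggested above, as an added example that is not part of the original thread: it maps each TCP listener in `netstat -tlnp` output to its owning PID and program, then lists the ones not on an expected-programs list. The sample output, the PIDs, the program name `exampled`, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tlnp` output (not taken from the thread).
# With -n, the "snpp" service name from the thread shows as its port number, 444.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1022/sshd
tcp        0      0 127.0.0.1:10030         0.0.0.0:*               LISTEN      2211/exampled
tcp        0      0 0.0.0.0:444             0.0.0.0:*               LISTEN      -
tcp6       0      0 :::80                   :::*                    LISTEN      1500/apache2
EOF
}

# Print "address pid program" for each TCP listener read from stdin.
listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        pid = "?"; prog = "unknown"
        # "-" means netstat could not attribute the socket to a process.
        if ($7 != "-" && $7 != "") {
            slash = index($7, "/")
            pid = substr($7, 1, slash - 1)
            prog = substr($7, slash + 1)
        }
        print $4, pid, prog
    }'
}

# Print listeners whose program is not in the space-separated allowlist $1.
review_listeners() {
    listeners | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($3 in ok) { print }'
}

# Live use (as root): netstat -tlnp | review_listeners "sshd apache2"
sample_netstat | review_listeners "sshd apache2"
```

A `?` owner means the PID column was `-`, which netstat prints when it is not run as root or when the socket belongs to the kernel; rerun as root before drawing conclusions from it.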
