Hi Thomas,
The first way to tell if you were compromised is if you can still log in.
Most root kits replace /bin/login. If for some reason your hacker did not,
you can also do a ls -alc /bin to see if any thing floats to the top. If
a root kit was installed the dates wont match and you will at least see ps
move to the top.
If all of your updates are done, they most likely didn't get in.
Have fun,
--
_________________________________________________________________
Brian Ashe CTO
[EMAIL PROTECTED] Dee-Web Software Services, LLC.
http://www.dee-web.com/
-----------------------------------------------------------------
Those who desire to give up Freedom in order to gain Security,
will not have, nor do they deserve, either one.
Monday, July 31, 2000, 9:13:49 AM, you wrote:
BTG> Looks like someone was knocking... Is there any way to tell if they got in?
BTG> ################## LogWatch 1.6.6 Begin #####################
BTG> --------------------- Cron Begin ------------------------
BTG> Commands Run:
BTG> User root:
BTG> /sbin/rmmod -as: 144 Time(s)
BTG> run-parts /etc/cron.daily: 1 Time(s)
BTG> run-parts /etc/cron.hourly: 24 Time(s)
BTG> ---------------------- Cron End -------------------------
BTG> --------------------- ftpd-messages Begin ------------------------
BTG> Anonymous FTP Logins:
BTG> 24.64.182.188.on.wave.home.com (24.64.182.188):
BTG> 悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙
BTG> 悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙
BTG> 悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙
BTG> 悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙
BTG> 悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙𐝣1砂F虴UR11跜?貯?虴UR雓^11
BTG> 峖^A^F^Df^A'虴UR1缻^^A=虴UR11蹗^^H?C^B1绳1缻^^H癪L虴URu1繼F^I峖^H=
BTG> 虴UR⺗N0^F^D1繼F^G?v^H?F^L?髰N^H峍^L癪K虴UR11郯^A虴UR钀0bin0sh1..11
BTG> - 1 Time(s)
BTG> 翳簕.n+壏櫒キ鏰j咤娝畓aj哕"�顬藳笔鈓镖藏^J驺y
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
