Jamin, you're right. I've made some changes to the machine (fixed the
hosts.allow and hosts.deny and a few other things), changed some passwords,
and it seems to have prevented them from hacking anybody else with it, at
least for now. Yeah, I've already told them they're going to have to
re-install everything to make sure it's clean, but I've gotten the log
working and got a pretty fair collection of IP addresses, along with a few
repetitive ones. I'm sort of on a mission now...
So, here's another question - if I come up with a couple of IP addresses
that look to be good (like not spoofed and possibly the original hackers),
what do I do with them? The server is in Miami, should I give them to the
Miami FBI office? Just ignore it and chalk it up to their bad setup? What
do you guys think?
Kerry
Message: 8
From: Jamin Collins <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: More hacked server questions
Date: Thu, 21 Sep 2000 16:51:12 -0500
Reply-To: [EMAIL PROTECTED]
IIRC, he's intentionally leaving the box connected as he is looking for
more information on the people that did it.
Jamin W. Collins
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list