>I was hacked last night I was suddenly getting a huge load on my
>system. Looking at "top", I found a file td running with many
>instances. In searching, I found the file in /dev/chr/client. I found
>where the user x and noc were used and then deleted.
>
>How can I find where the logins came from. For now I have disabled telnet,
>except locally as I will use ssh to check my mail remotely.
>
>Any ideas how they may have got in, or what should I look for to get more
>info on this.
What version of RedHat are you running and if old enough (6.1 and earlier),
did you install the fixed BIND RPM? If not, they got in through that
bug and you will HAVE to rebuild your system. They get in through a
different port, a new one that gets planted.
MB
--
e-mail: [EMAIL PROTECTED]
Bart: Hey, why is it destroying other toys? Lisa: They must have
programmed it to eliminate the competition. Bart: You mean like
Microsoft? Lisa: Exactly. [The Simpsons - 12/18/99]
Visit - URL:http://www.vidiot.com/ (Your link to Star Trek and UPN)
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
