Do the following...
ps aux
to see what processes they are running. If you see some shell scripts
running (called hackeda, hackb), stuff like that, then it's VERY likely
you were hit by the Ramen worm. I would recommend you pull the plug and
consider if there is ANY data you really need on the system. If not
wipe it clean and reinstall.
If it is the Ramen worm then get the latest version of wu-ftpd. 2.6.1
has patched the known security holes. Also get the latest lpd and bind
for your system (I believe those were the other points of penetration by
the Ramen worm).
Go to www.cert.org
and look at their home page. The lower right corner has a link for more
information on this thing and what packages it can compromise. They
also have links to where you can get the latest patches for your OS.
Hope this helps and good luck.
Frank
> Someone hacked into one of my systems and I can see them running
> stuff. They seem to have a rootkit installed, because nothing shows
> up under who or w. Is there anything I can do to trace them while
> they are doing this stuff to catch them?
_______________________________________________
Redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list
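
Added example, not part of the original message: a shell sketch that compares the PIDs visible under /proc with what `ps aux` reports and flags the script names mentioned in the reply, since the question says `who` and `w` show nothing. The function names and the `hack*` pattern are assumptions made here; binaries on a compromised host may themselves be replaced, and a kernel-level rootkit can hide entries from /proc as well.

```shell
#!/bin/sh
# Added example (not from the original message): compare the kernel's view of
# running processes with what `ps aux` reports on a host suspected of a rootkit.

# PIDs visible as numeric directories under a proc-style tree (default /proc).
proc_pids() {
    for d in "${1:-/proc}"/[0-9]*; do
        [ -d "$d" ] && basename "$d"
    done | sort -n
}

# PID column of `ps aux` text read from stdin (header line skipped).
ps_pids() {
    awk 'NR > 1 { print $2 }' | sort -n
}

# PIDs listed in file $1 (kernel view) that are missing from file $2 (ps view).
hidden_pids() {
    grep -vxFf "$2" "$1" || true
}

# `ps aux` lines whose command or an argument has a basename starting "hack".
# The pattern is an assumption generalised from the names in the message.
suspect_names() {
    awk 'NR > 1 { for (i = 11; i <= NF; i++) { n = $i; sub(/.*\//, "", n)
                  if (n ~ /^hack/) { print; next } } }'
}

check_host() {
    tmp=$(mktemp -d) || return 1
    ps aux > "$tmp/ps.txt"            # snapshot ps first, then /proc
    proc_pids /proc > "$tmp/kernel"
    ps_pids < "$tmp/ps.txt" > "$tmp/ps"
    echo "PIDs in /proc that ps did not list (new processes can appear here too):"
    hidden_pids "$tmp/kernel" "$tmp/ps"
    echo "Processes with hack* names:"
    suspect_names < "$tmp/ps.txt"
    rm -rf "$tmp"
}

# Run the live check only when asked, e.g.: sh check.sh --run
if [ "${1:-}" = "--run" ]; then check_host; fi
```

A PID reported only by the /proc side is a lead to investigate from trusted tools, not proof on its own, because a process started between the two snapshots shows up the same way.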