You probably already got this one solved but if not, you'll need to
download on another computer one of the linux rescue disks and boot the
machine up with that disk. It will have a clean copy of chown and chmod
and rm on it the hacker never damaged. What has happened is the hacker
replaced y
> Jason Edson wrote:
> Didnt you post this like a week ago and get answers? Just curious if
my mail reader is acting up.
Sorry, I reposted after an initial search of the
debian-user archive came up blank. Looks like it went through twice now.
OOPs.
Regards,
Andreas
> On Tuesday 23 August 2005 12:57, Alvin Oga
wrote:> > personally... i think any hacked machine should be looked
over> > carefully to be able to answer the following:> > -
who broke in> > - how did they get in> > - why did they
break in ( sometimes there's no answer )> > - where they cam
On Fri, Aug 26, 2005 at 04:08:22PM -0700, Jason Edson wrote:
> Didnt you post this like a week ago and get answers? Just curious if
> my mail reader is acting up.
Indeed I see the message and quite a few replies on Tue, 23 Aug 2005
14:06:24 +1200.
--
Jon Dowland http://jon.dowland.
On 8/26/05, Andreas Hatz <[EMAIL PROTECTED]> wrote:
Hello,
I have posted this user group with a similar
problem in the past and have had great help, but this one seems to be a new
problem:
It looks like the affected machine has been rooted
by a t0rn roootkit and then used to install
If you want to press charges and if the attack had anything in anyway
related to thed United States then contact the US FBI. Why? I don't know,
but that is what the news companies here in the US suggest.
The fact that you have the attacker hotmail address is nice. Belive it or
not the cracker
On Tue, 23 Aug 2005, Arne [utf-8] Götje ([utf-8] é«çè¯) wrote:
> On Tuesday 23 August 2005 12:57, Alvin Oga wrote:
> > personally... i think any hacked machine should be looked over
> > carefully to be able to answer the following:
> > - who broke in
> > - how did they get in
> >
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andreas Hatz wrote:
> ns:/usr/lib/libsh# rm -rf *
> rm: cannot unlink `hide': Permission denied
> rm: cannot remove directory `utilz': Permission denied
Oh, really fun... Well, you've been r00ted, so be careful and use
tripwire in the future ;).
- --
On Tuesday 23 August 2005 12:57, Alvin Oga wrote:
> personally... i think any hacked machine should be looked over
> carefully to be able to answer the following:
> - who broke in
> - how did they get in
> - why did they break in ( sometimes there's no answer )
> - where the
On Tue, 23 Aug 2005, Dalibor Straka wrote:
...
> > ns:/usr/lib/libsh# rm -rf *
> > rm: cannot unlink `hide': Permission denied
> > rm: cannot remove directory `utilz': Permission denied
fun stuff ...
> This could be caused by modified rm or some kernel module.
> The easiest way is to boot to
Hello world!\n
On Tue, Aug 23, 2005 at 02:06:24PM +1200, Andreas Hatz wrote:
> Hello,
>
>
> Now try to delete:
>
> ns:/usr/lib/libsh# rm -rf *
> rm: cannot unlink `hide': Permission denied
> rm: cannot remove directory `utilz': Permission denied
This could be caused by modified rm or some kernel
11 matches
Mail list logo
