RE: [suse-security] ver7.2 server was hacked - pls help

From: Mario Neubert (mario_neubertgmx.de)
Date: Wed Apr 23 2003 - 03:51:53 CDT


hello istvan,

you can boot from your susecd in rescue-mode, mount your drives and now
you should see what happened.
cu mario

> -----Original Message-----
> From: Istvan Hollo [mailto:istvan.holloija.hu]
> Sent: Wednesday, April 23, 2003 7:32 PM
> To: suse-securitysuse.com
> Subject: [suse-security] ver7.2 server was hacked - pls help
>
>
> Hello Gurus,
>
> On the weekend our web server (SuSE 7.2 kernel 2.4.4-4GB) was
> hacked by some very clever guys.
> They placed some programs which I can not remove anymore and
> which is even worse - the root's password also was changed (I
> can not start in single user mode - init 1 - password is
> wrong). A "sysadmin" user was created by the hacker and mtab
> also was changed.
>
> When I try to login and type the username then Enter -> the
> "password" question is not coming but the screen is hanging.
> It means we can not log in anymore. Which is interesting,
> this is our mail server also and we can send/receive mails
> but via samba is not possible to connect to the shared drives.
>
> I'm afraid I have to reinstall the machine, but before I do
> it I want to know what happened and how.
> If any of you has experience with this and could give good
> advice about what to do and how I can analyse who logged in, it
> would be appreciated.
>
> TIA,
> istvan
>
>
>
> Istvan HOLLO
>
> GlobalTech Hungary Informatikai Kft.
> phone : +36 28 590 500
> fax : +36 28 590 501
> email : istvan.holloija.hu
> www : www.thegt.com www.ija.hu
>
>
>
>

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here
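
The rescue-mode approach suggested in the reply, as an added example that is not part of the original thread: once the suspect root filesystem is mounted read-only from the rescue system, these checks look for added accounts and recently modified files. The function names, the placeholder device, the known-good passwd copy and the sample tree (including the UID given to `sysadmin` and the touched `login` binary) are assumptions constructed for illustration.

```shell
#!/bin/bash
# Offline triage of a root filesystem mounted read-only from rescue media.
# Assumed mount (device is a placeholder): mount -o ro,nodev,noexec /dev/XXX /mnt

# Accounts in the suspect passwd that a known-good passwd copy does not have.
new_accounts() {   # $1 = mounted root, $2 = known-good passwd (e.g. from backup)
    awk -F: 'NR == FNR { known[$1] = 1; next }
             !($1 in known) { print $1 ":" $3 ":" $7 }' "$2" "$1/etc/passwd"
}

# Any account other than root that has UID 0.
extra_uid0() {     # $1 = mounted root
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1/etc/passwd"
}

# Regular files modified after a reference file's mtime. mtime can be forged
# by an intruder, so treat an empty result as inconclusive.
changed_since() {  # $1 = mounted root, $2 = reference file, rest = subdirs
    root=$1; ref=$2; shift 2
    for d in "$@"; do
        [ -d "$root/$d" ] && find "$root/$d" -xdev -type f -newer "$ref"
    done | sort
}

# Constructed sample tree so the script runs without a real disk.
make_demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/mnt/etc" "$t/mnt/bin"
    printf 'root:x:0:0:root:/root:/bin/bash\nwwwrun:x:30:65534::/var/lib/wwwrun:/bin/false\n' > "$t/good_passwd"
    { cat "$t/good_passwd"; echo 'sysadmin:x:0:0::/root:/bin/bash'; } > "$t/mnt/etc/passwd"
    echo x > "$t/mnt/bin/ls";    touch -t 200301010000 "$t/mnt/bin/ls"
    echo x > "$t/mnt/bin/login"; touch -t 200304200300 "$t/mnt/bin/login"
    touch -t 200304200200 "$t/mnt/etc/passwd"
    touch -t 200304180000 "$t/ref"      # constructed "last known good" time
    echo "$t"
}

if [ "${1:-}" = "--demo" ]; then
    t=$(make_demo_tree)
    new_accounts "$t/mnt" "$t/good_passwd"
    extra_uid0 "$t/mnt"
    changed_since "$t/mnt" "$t/ref" etc bin
    rm -rf "$t"
fi
```

On a real disk, `last -f /mnt/var/log/wtmp` reads the login records from the mounted filesystem, with the same caveat that an intruder with root access may have altered them.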