Subject: Re: hacked by bind eploit--can someone help me???
From: C.M. Wong (wongcmEP.COM.MY)
Date: Wed Jun 28 2000 - 09:48:21 CDT


I suggest you format the machine now. This exploit is quite widely spread.
Rebuild your machine with the latest Linux RH kernel (2.2.16-3) and download
the latest bind package (8.2.2-p5) from www.isc.org. Compile it and run it
in a chroot env with a normal user.

If you got an extra server to spare, keep the hacked one and try to track
the little bugger down... provided you still got your logs. :)

Rgrds,
Wong.

> -----Original Message-----
> From: Focus on Linux Mailing List
> [mailto:FOCUS-LINUXSECURITYFOCUS.COM]On Behalf Of swamy
> Sent: Wednesday, June 28, 2000 9:20 PM
> To: FOCUS-LINUXSECURITYFOCUS.COM
> Subject: hacked by bind eploit--can someone help me???
>
>
> Hello,
>
> My server is hacked:
>
> there is a directory: /var/named/ADMROCKS created by the hacker,
> a pseudo login shell: prick
>
> I am able to replace the original login shell, but my
> nameserver is still
> not working properly... I'm using Red Hat 6.1 version
>
>
> can some one please help me???
>
> reply,
>
>
> swamy..
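
Added example, not part of either message: one way to verify the reply's "chroot env with a normal user" advice after the rebuild, by checking a running named's UIDs and root directory through Linux /proc. The function name `check_confined` is hypothetical, and reading `/proc/<pid>/root` for another user's process needs root privileges.

```shell
#!/bin/sh
# check_confined PROC_DIR
#   PROC_DIR is normally /proc/<pid>; any directory with the same layout
#   (a "status" file and a "root" symlink) also works, e.g. for testing.
#   Returns 0 if the process is non-root AND chrooted, 1 if not, 2 on error.
check_confined() {
    procdir=$1
    rc=0
    [ -r "$procdir/status" ] || { echo "cannot read $procdir/status"; return 2; }

    # "Uid:" line holds the real, effective, saved and filesystem UIDs.
    # A saved UID of 0 means the daemon could still regain root.
    uids=$(awk '/^Uid:/ {print $2, $3, $4, $5}' "$procdir/status")
    [ -n "$uids" ] || { echo "no Uid line in $procdir/status"; return 2; }
    for uid in $uids; do
        if [ "$uid" -eq 0 ]; then
            echo "FAIL: process still holds UID 0 (uids: $uids)"
            rc=1
            break
        fi
    done

    # /proc/<pid>/root is a symlink to the process's root directory;
    # for an unconfined process it resolves to "/".
    root=$(readlink "$procdir/root") || {
        echo "cannot read $procdir/root (root privileges needed?)"
        return 2
    }
    if [ "$root" = "/" ]; then
        echo "FAIL: process root is /, not a chroot directory"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: uids=$uids root=$root"
    return "$rc"
}

# Usage: sh check_confined.sh named   (checks every process with that exact name)
if [ $# -gt 0 ]; then
    for pid in $(pgrep -x "$1"); do
        printf 'pid %s: ' "$pid"
        check_confined "/proc/$pid"
    done
fi
```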