|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: rir
vmei.acad.bgDate: Wed Mar 27 2002 - 00:00:55 CST
Hi,
I got a similar attack one and a half months ago.
A line was appended at the end of file /etc/init.d/network
/usr/bin/sshd2 -q
Many other files were modified like ls, ps, netstat, su, etc.
ls was modified not to show the file /etc/dhcp/dhcp.conf
which was supposed to store stolen usernames and passwords.
Hopfuly I run ssh on differenr port. There was one other
strange effect - when a user locks the display, their password
is rejected when trying to unlock the display.
I can't still figure out how it has happened.
Regards,
Rossen
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]