Re: Can't reboot, shutdown, or init 3 [I've been root-kitted, please advise]

From: Arthur Pemberton (dalive_at_flashmail.com)
Date: 04/03/05

    Date: Sun, 03 Apr 2005 08:19:50 -0400
    To: For users of Fedora Core releases <fedora-list@redhat.com>
    
    

    Scot L. Harris wrote:

    >On Sat, 2005-04-02 at 23:20, Arthur Pemberton wrote:
    >
    >
    >
    >>Looks like I've been root kitted :(
    >>
    >>My googling turned up this, which shows a case of my symptoms.
    >>
    >>:(
    >>
    >>How do I recover from this
    >>
    >>
    >
    >Bare metal re-install is the only real thing to do. I hope you had
    >backups of your important data from a time before the suspected root kit
    >was installed.
    >
    >Any idea on how they got in? phpnuke on the system?
    >
    >
    >
    I'm downloading Knoppix now so I can recover my maildirs. Most other stuff
    should be up-to-date enough from my last install. I can't be 100% sure
    that I was not compromised since my last backup. But I only really back up
    text files (configs, mail, webpages, scripts, sql dumps). I don't think
    I had phpnuke installed. I had PhpBB installed. But I disabled it since
    I heard of the security prob in it a while back.

    The only sign I had time to find was that vsftpd's log file was missing.
    It's been a while now that attempts have been made to get in via ssh and
    guessing login username/passwords, but those attempts seemed to be just
    bots, and were never even close. I guess when I mount the partition ro
    I'll take a quick look at the logs.
