Re: [opensuse] system seems hacked...

Roger Oberholtzer wrote:
On Fri, 2008-02-22 at 23:17 +0100, Wolfgang Woehl wrote:
Donnerstag, 21. Februar 2008 Pavol Rusnak:

Just for the record, emech is energymech* - IRC bot programmed in
C, similar to eggdrop*, no exploit or rootkit fortunately.
Hi Pavol, I think what you say is naive at best. "Botnet" ring a bell?

s.r.o Package Maintainer Lihovarska
You seem to maintain tcpdump, libpcap, iptables and I sincerely hope that you don't take the same easygoing approach with those.

I think the hack is indeed as described. It was not really messing up my
system. It used it as a stage to probe other systems. I got a visit from
our IT department that there was a complaint about this server from some
external site. I was not surprised. It seems that the password changes
have resolved the issue. At least for now. I will have to keep watch for
something else. But I do not think the system was compromised. In
summary, I would say a user let someone use his account to run some
unexpected software.

A user like that needs two weeks unpaid vacation, so that
in the future, he can think more clearly at work before
"loaning" his account to some who wants to use it for
"unexpected software"

To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx