rootkit?

Res res at ausics.net
Sun Dec 11 09:17:44 UTC 2005


On Sun, 11 Dec 2005, Scot L. Harris wrote:

>
> Did you try rkhunter?  Would be interesting to know if it could see it.

likewise

> Once a system has been rooted the only action to take is to rebuild the
> system from scratch, format the drives and install clean.  Be very

only true if not very experienced, as one who is responsible for large 
datacenters, after 10 years of it you get pretty good at forensic dissection 
:)

rule No. 1 - tell em to go get nicked if they want front page
rule No. 2 - scan for and ban phpnuke - they sure as F@#$ named it so 
aptly ;)

luckily most of the brain dead script kiddies out there all use much the same
sort of code so resolution is pretty painless. but prevention is always 
better than the 1am wake up call


-- 
Cheers
Res



