attack 2
Thomas Cameron
thomas.cameron at camerontech.com
Wed May 11 01:53:29 UTC 2005
> Hello everyone,
>
> Panic...
>
> I noticed accepted passwords for different users, such as root, myself
> and another one, coming from outside:::ffff:213.219.168.50
>
> How is that possible?
> Can I detect somehow what he/she did?
>
> In the mean time I changed passwords.
You're 0wn3ed. That is no longer your machine. You need to blow it away
and reload the OS.
This time, use strong passwords. And disable root loging via SSH.
Thomas
More information about the users
mailing list