Ack! I've been rooted...

Alan alan at lxorguk.ukuu.org.uk
Fri Feb 2 09:27:12 UTC 2007


> Backup all data that you know for certain is still safe, wipe the disk entirely,
> and do a clean reinstall. If the box was rooted, there is no way to determine
> the extent of the intrusion, and therefore any attempts to replace solely the
> compromised aspects of the system would be irrelevant.

Also check any scripts before restoring. You may find that a user or
root .login/.profile or similar in the /home area, which people habitually
restore without checking, contains hooks to reinstall any trojans. If you
are paranoid, remove the execute bits from everything you restore too.

Alan
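
The two checks from this reply, written as a shell script; this is an added example, not part of the original message. It assumes the backup has been unpacked into a scratch staging directory rather than straight onto the reinstalled system; the function names and the list of startup file names are assumptions to adapt to the shells in use.

```shell
#!/bin/sh
# Added example: audit a backup staged in a scratch directory before restoring it.

# Per-user files that shells and X sessions run automatically (assumed list, extend as needed).
STARTUP_NAMES=".login .logout .profile .cshrc .tcshrc .bashrc .bash_profile
.bash_login .bash_logout .zshrc .zprofile .zlogin .zshenv .xinitrc .xsession"

# Print every startup file under the staging directory so each can be read by hand.
list_startup_files() {
    stage=$1
    set --                              # reuse the positional list as find arguments
    for name in $STARTUP_NAMES; do
        set -- "$@" -o -name "$name"
    done
    shift                               # drop the leading -o
    find "$stage" -type f \( "$@" \) -print | sort
}

# Count regular files that carry any execute bit (user, group or other).
count_executables() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print |
        wc -l | tr -d ' '
}

# Remove execute and setuid/setgid bits from regular files only.
# Directories keep their x bit so the tree stays traversable.
strip_exec_bits() {
    find "$1" -type f -exec chmod a-x,ug-s {} +
}

# Report, then neutralise: nothing restored can run until it is re-enabled by hand.
audit_restore() {
    echo "Startup files to read before restoring:"
    list_startup_files "$1"
    echo "Regular files with an execute bit: $(count_executables "$1")"
    strip_exec_bits "$1"
    echo "Execute bits removed; re-enable them only on files you have inspected."
}

# Usage: sh audit_restore.sh /path/to/staged/backup
if [ "$#" -gt 0 ]; then
    audit_restore "$1"
fi
```

Removing the execute bit does not stop a startup file from being sourced by the login shell, so the listed files still need to be read before they go back into place.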



