[wellylug] Think I've had a server hacked
David Antliff
dave.antliff at paradise.net.nz
Wed Oct 26 10:38:35 NZDT 2005
On Wed, 26 Oct 2005, Mark Signal wrote:
> is there anything else I can/should do?
It would be sensible to disable root access via SSH.
If in backing up your data you also back up any scripts, source code or
executables that you or anyone else has created, you'll need to either
restore them from a known clean backup, or carefully check every line of
source for any unauthorised modifications.
I think a good rule of thumb here is that you cannot trust anything from
that machine any more. Restore from a known clean backup rather than
copying anything off it, if you can, and then wipe it completely clean.
--
David.
More information about the wellylug
mailing list