[wellylug] Think I've had a server hacked

David Antliff dave.antliff at paradise.net.nz
Wed Oct 26 10:38:35 NZDT 2005



On Wed, 26 Oct 2005, Mark Signal wrote:
> is there anything else I can/should  do?

It would be sensible to disable root access via SSH.

If in backing up your data you also back up any scripts, source code or 
executables that you or anyone else has created, you'll need to either 
restore them from a known clean backup, or carefully check every line of 
source for any unauthorised modifications.

I think a good rule of thumb here is that you cannot trust anything from 
that machine any more. Restore from a known clean backup rather than 
copying anything off it, if you can, and then wipe it completely clean.

-- 
David.




More information about the wellylug mailing list