[ubuntu-za] Server Hacked
Andy Rabagliati
andyr at wizzy.com
Thu Dec 16 07:11:21 GMT 2010
On Thu, 16 Dec 2010, Hannes Coetzee wrote:
> My server at home seems to be hacked and infected with Suckit, or at
> least thats what chkrootkit reports. /sbin/init was changed on
> 08/12/2010 but I've only picked this up yesterday while using ls.
My birthday !
ls -l /sbin/init
-rwxr-xr-x 1 root root 104068 Aug 12 23:33 /sbin/init
I use 'debsums' - which matches package-installed files with their
checksums.
Another thing I do is mount /usr on its own partition, read-only.
It is not that hard to re-mount it read-write before updates, but
that is not something a scripted virus would do.
Cheers, Andy!
More information about the ubuntu-za
mailing list