|
From: | Andreas Tille |
Subject: | [Gnumed-devel] Re: URGENT - hherb.com hacked |
Date: | Sun, 21 Nov 2004 18:54:52 +0100 (CET) |
On Sun, 21 Nov 2004, Horst Herb wrote:
hherb.com has been hacked, a root kit installed. This happened probably on 15th of November (at least some of the kitted files like rm, chmod, login, ifconfig etc. bear such time stamp and log entries before that date look unsuspicious)
If you are interested I could propagate this to Debian people who have some experiences with intrusion detection. This case is also interesting for Debian because I think hherb.com was running Sarge more or less and thus the case might be relevant for Sarge release.
The new server will be firewalled *on top* of the firewall that was/is provided by the data centre.
You might reconsider Aide intrusion detection. Kind regards Andreas. -- http://fam-tille.de
[Prev in Thread] | Current Thread | [Next in Thread] |