[luau] RH 9 server hacked -- what went wrong?

Vince Hoang luau at ml.altern8.net
Fri Aug 22 14:04:00 PDT 2003


On Fri, Aug 22, 2003 at 09:33:08AM -1000, Rob Bootsma wrote:
> So my question is, how did they get root? Well, I guess they
> used this rootkit, but how did they manage to install that?
> Where is the vulnerability? If anyone has any suggestions
> of what to look for before I wipe out this box, it would be
> greatly appreciated.

Without knowing more, I suspect you performed a full install,
disabled iptables, and did not verify that only minimal services
were running.

If you want to run forensics, set the HD aside and reinstall on
new media. Do not boot or mount the partitions read/write.

-Vince


