Has my server been hacked?
Don Erickson
derick at zeni.net
Sun Nov 13 09:40:41 CST 2005
On Sun, 13 Nov 2005, Matt Graham wrote:
> Hi. I got this email (below) from someone saying that my server is
> attacking theirs. They used my IP in the subject line as well.
>
> Is this what happens when a system is rooted? If I suspect that this has
> happened, is my best option to reinstall?
> Hello, I am not sure if you are aware that your server is conducting a
> vulnerability search and is continually hitting my server. I am guessing
> that you are unaware of it since the attacking IP is riddled with personal
> pictures of your self and your sister. Could you please look into this
> ASAP. Grant.
Hunhh? I've never seen a "vulnerability search" that is "riddled with
personal pictures" of "your sister".
This looks like crap, did the email contain an attachment with a windows
executable format by chance?
And as to the question of what happens when a system is rooted, if it's
rooted right you'll never even know.
Regards,
-Don
More information about the Kclug
mailing list