Quote:
Originally posted by Carrie
Are you prepared to wipe that box and re-load it?
Most likely they left themselves a backdoor. Hunting down that backdoor could take days, while simply reloading could take a few hours.
When your sysadmin reappears, tell him you want IPChains set up on the box immediately with Logcheck emailing you every 15 minutes (at least) and all non-essential ports closed down.
If you've got telnet on the box, install SSH2 and disable telnet. If you've got anonymous FTP turned on, turn it off.
Change all of your passwords - and then do it again at *least* once a month from here on out.
If you still can't get a hold of your sysadmin, install this until you can: http://www.pointman.org/PMFirewall/
It's got easy instructions and is just as easy to open up a port if you close it by mistake.
Best of luck - and check your logs to find out who these fuckers are so you can fry 'em.
|
I allready have the firewall ill go do the ipchan prolly blow up my damn server now