[Plug-security] Once cracked
James
plug-security@lists.PLUG.phoenix.az.us
Mon, 10 Sep 2001 14:51:30 -0700
What was the users name?
On Monday 10 September 2001 09:06 am, you wrote:
> Okay the reason I think I've been cracked is that there is a user found
> in /etc/passwd that I've never created and is a member of the root grp.
> When I look under linuxconf this user doesn't show up. Now I'm thinking
> its "possible" that something I installed created this user. but how
> would I find that out? and why would it need to be a member of the root
> grp? I don't have telnet, sendmail, bash, or ftp running on my box. I do
> allow IRC and as far as I know that's the *only* way someone could get
> in. I'm not running IP tables like I should though. So far haven't seen
> anything malious on my machine. but you never know. Thanks for the ideas
> so far. I'll be looking them over to see if I can figure it all out. but
> if I haven't found out how they did it by the end of the day I'm just
> going to wipe it all.
>
> Carl P.
>
>
> _______________________________________________
> Plug-security mailing list - Plug-security@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-security