hacked

Bob Holtzman holtzm at sonic.net
Sat Apr 15 21:40:24 MST 2006


On Fri, 14 Apr 2006, Jason Spatafore wrote:

> 2. Check /etc/passwd and see if there are any accounts which are suspicious. 
> Also check to see if there is an account with the UID of "0", other than 
> root.

How about an entry like nobody:x:99:99:Nobody:/:/sbin/nologin?

-- 
Bob Holtzman
"A man is a man who will fight with a sword,
 Or tackle Mount Everest in snow;
 But the bravest of all owns a '34 Ford,
 Who will try for six thousand in low!"
                          Roger Huntington


More information about the PLUG-discuss mailing list