sendmail & bind are also bad for your mental health. Consider normal alternatives, or if you want to make sure no one is hacking your system through them, switch to qmail and djbdns.
You will also need to install everything from scratch (and I suggest you init. your BIOS as well). If you want to do real forensics, you'll need to freeze the system and stop touching anything there. Not sure it'll help you a lot (you already know that the guy is from Libya, and I'm not sure you can ask the Libyan police to arrest him for that).

Just my 2 euro cents,
Orr.

On 4/7/07, Ori Idan <[EMAIL PROTECTED]> wrote:
A server I managed was hacked by a Libyan hacker. The only thing he did was change the index.html of some web sites. The server is based on Fedora Core 2 running:
httpd
sendmail
bind
proftp (through xinetd)
ssh

Any ideas how he could have done it?
What should I do to prevent such hacks in the future?

--
Ori Idan

--
Orr Dunkelman,
[EMAIL PROTECTED], [EMAIL PROTECTED]

"Any human thing supposed to be complete, must for that reason infallibly be faulty" -- Herman Melville, Moby Dick.

Spammers: http://vipe.technion.ac.il/~orrd/spam.html
GPG fingerprint: C2D5 C6D6 9A24 9A95 C5B3 2023 6CAB 4A7C B73F D0AA
(This key will never sign Emails, only other PGP keys.)
