On Mon, Dec 03, 2001 at 05:25:38PM -0000, [EMAIL PROTECTED] wrote: : Hi : : We have 2 Redhat 6.1 servers and MySQL 3.22.32 and both boxes : appear to have been hacked on Friday last and MYSQL client just hangs : when connecting to the localhost MYSQL server. : : MySQL is running on both boxes and suffer the same problems. : : We also have to use kill -9 pid number to kill the server(s). : : No MySQL client can connect remotely to either of these machines however the : local MySQL client on the hacked server(s) can connect to other remote MySQL : servers. : : We have re-installed MySQL server on this hacked server and still the client : just hangs and no : errors in the logs appear. : : We have Intrusion software but its very long winded trying to find how to : fix it - and ultimately we will re-install. : (but first I have 600 clients per server to please!) : : Please HELP we and all our tech guys are stumped.
Well, hopefully you have backups. If you don't, the data in your database is most likely safe, so back it up. Then completely wipe the box and start over from scratch. You should jut be able to copy the data files to back them up. I wouldn't recommend copying the mysql/ tables, though. They're probably tainted. The only way you're going to be sure that your box is safe is if you wipe and reinstall. Most hacker kits will install backdoors and exploitable holes. Using a hacked server is just a risk to everything you do. * Philip Molter * Texas.net Internet * http://www.texas.net/ * [EMAIL PROTECTED] --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
