mysql at hotchilli.co.uk wrote:
>We have 2 Redhat 6.1 servers and MySQL 3.22.32 and both boxes
>appear to have been hacked on Friday last and MYSQL client just hangs
>when connecting to the localhost MYSQL server.
>MySQL is running on both boxes and suffer the same problems.
>We have Intrusion software but its very long winded trying to find how to
>fix it - and ultimately we will re-install.
I found a neat checklist on one of the official sites, (CERT, etc) and
their recommendations
were something along the lines of.
1. Network isolate all infected machines.
2. Get backups of user data, at least two, and verified if possible. Also
save any local
configuration files for the applications. Don't save any o/s
configurations, such as /etc/services,
unless absolutely necessary.
3. Reformat disk on infected machine and reload o/s from known clean
source
4. Add local configurations.
5. Add o/s and application patches, concentrating especially on security
ones.
6. Restore user data, being careful not to restore any user scripts or
more especially
executables until such time that they can be proven to be untampered with.
Personally I'd seriously think about upgrading from '6.1 to a 7.x distro so
you can get the
RedHat support.
Regards
Bob Cross.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
This message is confidential. It may also be privileged or
protected by other legal rules. It does not constitute an
offer or acceptance of an offer, nor shall it form any part
of a legally binding contract. If you have received this
communication in error, please let us know by reply then
destroy it. You should not use, print, copy the message or
disclose its contents to anyone.
E-mail is subject to possible data corruption, is not
secure, and its content does not necessarily represent the
opinion of this Company. No representation or warranty is
made as to the accuracy or completeness of the information
and no liability can be accepted for any loss arising from
its use.
This e-mail and any attachments are not guaranteed to be
free from so-called computer viruses and it is recommended
that you check for such viruses before down-loading it to
your computer equipment. This Company has no control over
other websites to which there may be hypertext links and no
liability can be accepted in relation to those sites.
Scottish & Newcastle plc
Registered in Scotland, Registered Number 16288
Registered Office: 33, Ellersly Road, Edinburgh, EH12 6HX
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
