"Rafael R. Sevilla" wrote:
>
> It wasn't, at least not on www.gmaquest.com. The logs were not modified,
> and we were able to see a suspicious login at around 5am that morning.
> No self-respecting cracker with root access would leave such a suspicious
> trail. They would erase the wtmp file.
>
And the secure logs, message logs, etc.....a real live script kiddie.
If your kiddie happened to leave a directory in /tmp called ., and a
couple of perl exploits plus source in that dir, then please let me
know, he owes me.
Not big time, nothing done, but he wasted my afternoon a while back.
Ever try remotely reconfiguring a server TO the phils? It's so damn
slow, it hurts.
--
Paolo
Infoweb Telecom (Global) Limited
POT: (852) 2388-1168/1053/1476 or 2625-1688 loc 127 FAX: (852) 2625-1501
7B CNT Tower, 338 Hennessy Road, Wanchai, Hong Kong, SAR, China 852
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
