You have been hacked. See:
http://www.cert.org/current/current_activity.html#bind
You need to disconnect your box. Unless you're an expert, reformat the
hard drive and re-install. Make sure your patches are up to date. This
exploit is fixed by updating the bind RPMs. See:
http://www.redhat.com/support/errata/rh61-errata-security.html
Fred
Ed Lazor wrote:
>
> I suspect that I've been hacked. I found a directory titled "ADMROCKS" in
> /var/named owned by root and I know that I didn't create it. Does anyone
> recognize this?
>
> Any recommendations / advice on how to move forward? I have RedHat 6.1 and
> all of the latest updates on the system. My guess is that I'll need to
> rebuild the system. Of course, there's no way for me to know if the hacker
> can just break right back in after I do that. I also figure I need to set up
> a firewall. Any recommendations on that? I.e., firewall software to use,
> related URLs, etc.
>
> Thanks =)
>
> -Ed
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.