Hi all, I have been hacked! It is clear that I need to reinstall.
I would like to make use of this to learn a bit of what has happened to my server. My /bin/login has been made 0 bytes I fixed the hard-disk into another machine login as root in that machine mount the hacked hard disk and have access to the hard-disk. ls -tral gives me a series of files that has been changed. a few of them are /bin/df /bin/du /bin/ftp /bin/login I try to delete the files and get the warning "do you want to delete write protected file (Y/n)" I say Yes and the answer is "Sorry I am unable to unlink the file" and the file is not deleted. Any one who can help me to understand that message the permission on the file is -rwxr-xr-x and I am root on the machine. Is it because a hard-link has been made to the file in some directory which I first have to find and delete ? Well, Just to learn a bit more. best regards Mettavihari -- A saying of the Buddha from http://metta.lk/ The good give up (attachment for) everything; the saintly prattle not with sensual craving; whether affected by happiness or by pain, the wise show neither elation nor depression. Random Dhammapada Verse 83 -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
