Antwort: debian 2.0: some intruder broke in
Hi Jan... On 20.03.2003 15:27:06 Jan Andrzej wrote: Some intruder broke in (cracked in) debian 2.0 system. Now I can use it but I cannot shut down the system (when I type shutdown -h now or shutdown -r now I get the following message: (bad, not nice word) While hacking kernel... and the system is not going to shutdown. I used the button 'reset' to exit the system. The following directories are empty /etc/init.d /var/log And may be more. I can use dselect to install again the basic system and so on but I found only /dists/debian2.2 but not /dists/debian2.0 I think I cannot upgrade the system to debian2.2 because it's broken but probably I could install the removed packages. I have installed many programs in the system and they seem to work so It would be nice not to install everything from scratch. Could you please someone help me? http://www.debian.org/distrib/archive Here is the entry for your sources.list that might help: deb http://archive.debian.org/debian-archive/ hamm contrib main non-free bye Thomas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
debian 2.0: some intruder broke in
Some intruder broke in (cracked in) debian 2.0 system. Now I can use it but I cannot shut down the system (when I type shutdown -h now or shutdown -r now I get the following message: (bad, not nice word) While hacking kernel... and the system is not going to shutdown. I used the button 'reset' to exit the system. The following directories are empty /etc/init.d /var/log And may be more. I can use dselect to install again the basic system and so on but I found only /dists/debian2.2 but not /dists/debian2.0 I think I cannot upgrade the system to debian2.2 because it's broken but probably I could install the removed packages. I have installed many programs in the system and they seem to work so It would be nice not to install everything from scratch. Could you please someone help me? Jan __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: debian 2.0: some intruder broke in
On Thu, 2003-03-20 at 15:27, Jan Andrzej wrote: Some intruder broke in (cracked in) debian 2.0 system. I recomment you do a clean re-install of debian 3.0 (yes 3.0, not 2.0) and try and keep that up to date on security patches. 2.0 has been unmaintained for a very long time. I can use dselect to install again the basic system and so on but I found only /dists/debian2.2 but not /dists/debian2.0 Get a netinst cd, of download the complete iso do a clean re-install restore your data files from backup... (you do have a backup don't you) -- Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178 Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: debian 2.0: some intruder broke in
On Thu, 2003-03-20 at 15:27, Jan Andrzej wrote: Some intruder broke in (cracked in) debian 2.0 system. Now I can use it but I cannot shut down the system (when I type shutdown -h now or shutdown -r now I get the following message: (bad, not nice word) While hacking kernel... and the system is not going to shutdown. I used the button 'reset' to exit the system. The following directories are empty /etc/init.d /var/log And may be more. I can use dselect to install again the basic system and so on but I found only /dists/debian2.2 but not /dists/debian2.0 I think I cannot upgrade the system to debian2.2 because it's broken but probably I could install the removed packages. I have installed many programs in the system and they seem to work so It would be nice not to install everything from scratch. Could you please someone help me? If the intruder was able to clean /etc/init.d and /var/log that means he had root rights. Thus he might have modified any other packages and/or installed some backdoor to gain access to your system any time he wants to. It is far more work (if not impossible) to check your whole system; the only thing you can do is backing up your data hoping that nothing got destroyed, doing an fdisk and reinstalling everything. If possible you should upgrade to the current stable (3.0 woody), and not install some *really* outdated version of Debian. Aaron Isotton [ http://www.isotton.com ] -- Modesty is a vastly overrated virtue. -- J.K. Galbraith signature.asc Description: This is a digitally signed message part
Re: debian 2.0: some intruder broke in
At 02:27 PM 3/20/2003 +, Jan Andrzej wrote: Some intruder broke in (cracked in) debian 2.0 system. Now I can use it but I cannot shut down the system (when I type shutdown -h now or shutdown -r now I get the following message: (bad, not nice word) While hacking kernel... and the system is not going to shutdown. I used the button 'reset' to exit the system. The following directories are empty /etc/init.d /var/log And may be more. I can use dselect to install again the basic system and so on but I found only /dists/debian2.2 but not /dists/debian2.0 I think I cannot upgrade the system to debian2.2 because it's broken but probably I could install the removed packages. I have installed many programs in the system and they seem to work You think ?? Many commands, even simple ones like ls or cp can be replaced by versions that still perform those basic functions, but also do much more (bad stuff). so It would be nice not to install everything from scratch. Could you please someone help me? Do a 'dpkg --get-selections' to get a list of your installed programs. Back up your home dir. Reformat and re-install. That's the only fail-safe way of being sure everything that this cracker could have done is gone. Hall -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: debian 2.0: some intruder broke in
Hi... On 20.03.2003 15:27:06 Jan Andrzej wrote: Some intruder broke in (cracked in) debian 2.0 system. Now I can use it but I cannot shut down the system (when I type shutdown -h now or shutdown -r now I get the following message: (bad, not nice word) While hacking kernel... and the system is not going to shutdown. I used the button 'reset' to exit the system. Try 'init 0' or maybe 'halt...'. Be careful with 'halt', read documentation first. But shutting down your system isn't your most important concern as far as I can see, right... The following directories are empty /etc/init.d /var/log And may be more. I can use dselect to install again the basic system and so on but I found only /dists/debian2.2 but not /dists/debian2.0 I think I cannot upgrade the system to debian2.2 because it's broken but probably I could install the removed packages. I have installed many programs in the system and they seem to work so It would be nice not to install everything from scratch. If you have bad luck, all your applications are running only in your RAM and you have to install everything new anyway... Could you please someone help me? Sorry... i can't gibe you any help for this problem... bye and good luck Thomas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: debian 2.0: some intruder broke in
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Mar 20, 2003 at 02:27:06PM +, Jan Andrzej wrote: Some intruder broke in (cracked in) debian 2.0 system. Why weren't you using a version that's still actively maintained with security updates in the first place? - -- .''`. Baloo Ursidae [EMAIL PROTECTED] : :' :proud Debian admin and user `. `'` `- Debian - when you have better things to do than fix a system -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+edyhJ5vLSqVpK2kRAgyzAJ9qeNkCs9K5nyFVXyQb+y7VLKqalQCgol98 FqpFrHTao/cu531HBMb2YOE= =9Xis -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: debian 2.0: some intruder broke in - backups/tracking
On Thu, 20 Mar 2003, Paul Johnson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Mar 20, 2003 at 02:27:06PM +, Jan Andrzej wrote: Some intruder broke in (cracked in) debian 2.0 system. Why weren't you using a version that's still actively maintained with security updates in the first place? people learn best the hard way or when its time for a new lesson for the day/week/month ?? - btw .. assuming that backups is clean is an extreme bad idea .. - when you reinstall your new system and reinstall your data from backups .. you have a high probability that you can reinstall the [h/cr]ackers trojans and back doors - if you dont know how they got in .. - they'll get in again if you didnt change anything from the generic install methodologies - do it better/faster/differently/more securely this time ... - it would be nice to get hold of that disk to see - who the [h/cr]acker was - where they came in from - how they got in and how many times they got in - what files they changed - how long they been sitting there watching your network - where else did they poke around in your lan and on the net - .. blah .. blah .. - than get a court order to seize their PC as evidence for computer crimes against your PCs c ya alvin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]