Re: Am I hacked?

2005-06-17 Thread Alexei Chetroi
On Thu, Jun 16, 2005 at 11:36:18AM -0400, Kevin B. McCarty wrote: > Date: Thu, 16 Jun 2005 11:36:18 -0400 > From: "Kevin B. McCarty" <[EMAIL PROTECTED]> > User-Agent: Debian Thunderbird 1.0.2 (X11/20050331) > To: debian-user@lists.debian.org > Subject: Re: Am I h

Re: Am I hacked?

2005-06-16 Thread Mike Oliver
Michal Sedlak wrote: But I thing bigger problem is this --WARN-- [sig004w] None of the following versions of /bin/bash (-rwxr-xr-x) matched the /bin/bash on this machine. Linux 2.4.17 --WARN-- [sig004w] None of the following versions of /bin/login (-rwsr-xr-x) matched the /bin/login on thi

Re: Am I hacked?

2005-06-16 Thread Kevin B. McCarty
Michal Sedlak wrote: > I am nearly sure that my server was hacked, but I want to be sure. Can > anybody say me if it is true. > > Here is tiger script output. Do you have any ideas how to repair it {no mkfs > funny stuff please} > There are some line interesting. I have one for every critical s

Re: Am I hacked?

2005-06-16 Thread Michal Sedlak
AIL PROTECTED]> To: "Michal Sedlak" <[EMAIL PROTECTED]> Cc: Sent: Thursday, June 16, 2005 7:07 AM Subject: Re: Am I hacked? Michal Sedlak a écrit : Hi all, I am nearly sure that my server was hacked, but I want to be sure. Can anybody say me if it is true. Here is tiger scri

Re: Am I hacked?

2005-06-15 Thread Maurits van Rees
On Thu, Jun 16, 2005 at 07:07:59AM +0200, Laurent CARON wrote: > Login ID sashroot has uid == 0. > --WARN-- [pass002w] UID 0 exists multiple times (2) in /etc/passwd. > --WARN-- [pass012w] Home directory /root exists multiple times (2) in > /etc/passwd. > > can you please post & copy of /etc/passw

Re: Am I hacked?

2005-06-15 Thread Laurent CARON
Michal Sedlak a écrit : Hi all, I am nearly sure that my server was hacked, but I want to be sure. Can anybody say me if it is true. Here is tiger script output. Do you have any ideas how to repair it {no mkfs funny stuff please} There are some line interesting. I have one for every critical

Re: am i hacked?

2001-01-25 Thread Philippe Marzouk
Le jeu, 25 jan 2001 13:47:17, cls/cs a écrit : > debs, > > i just ran uptime on my single-user box connected to the office dsl > pipe. > > it shows 3 users; and there's only one non-root account. > > 1. how do i find out who are the other 2 users? > > 2. does this mean that i've be hacked?

Re: am i hacked?

2001-01-25 Thread Colin Watson
cls/cs <[EMAIL PROTECTED]> wrote: >i just ran uptime on my single-user box connected to the office dsl pipe. > >it shows 3 users; and there's only one non-root account. > >1. how do i find out who are the other 2 users? Type 'who'. >2. does this mean that i've be hacked? Chances are it's thr

RE: am i hacked?

2001-01-25 Thread Brooks R. Robinson
man who > -Original Message- > From: Debian User [mailto:[EMAIL PROTECTED] Behalf Of cls/cs > Sent: Thursday, January 25, 2001 6:47 AM > To: debian-user@lists.debian.org > Subject: am i hacked? > > > debs, > > i just ran uptime on my single-user box connected to the office dsl pipe. >