Ok I finally got access to my machine to assess the damage, I am running RH9,
Kernel 2.4.20-19.9 and Apache 2.0.40-21.3.
Here is the error message I recieved when trying to restard httpd:
Stopping httpd:[ OK ]
Starting httpd: [Tue Aug 19 17:27:50 200
lto:[EMAIL PROTECTED] On Behalf Of Gregory P.
Bonnette
Sent: Tuesday, August 19, 2003 12:37 PM
To: [EMAIL PROTECTED]
Subject: Apache on RH9 Crashed (Hacked?)
Ok I finally got access to my machine to assess the damage, I am running
RH9,
Kernel 2.4.20-19.9 and Apache 2.0.40-21.3.
Here is the error
On Tue, 2003-08-19 at 23:10, Greg Bonnette wrote:
> Upon further inspection I found that my system had been hacked. I found
> multiple directories
>
> /tmp/'usernameonmysystem'-orbit (multiple occurances, one for each
> username)
> /tmp/ssh1kzaah
> /tmp/ssh2...
Um, I'm not denying that your sy