Simple! May be he had trojaned you syslog daemon or contrab or both! I suggest you to run http://www.chkrootkit.org/
Good luck! Matthias G�ntert wrote:
>Hello list,
>
>my suse linux 7.3 server has been hacked. The hacker frequently started a
>reverse netcat shell via crontab. But how was the hacker able to hide his
>tracks? I frequently check my logs! As far as i know crontab writes entries into
>/var/log/messages. Also i wasn't able to see anything via crontab -l.
>Any help on this would be appreciated.
>
>Best Regards
>
>M.G�ntert
>
---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
