You said it! Thanks a lot Sam. I removed that directory. But strangely
enough, I found that I did not have Sxxnamed in my rc3.d. I do not have
/usr/sbin/named either. Maybe the hacker removed them? I will install the
new version of "safe" named and portsentry and tripwire and see if the
hacker can get in again. I will back up my data every ten miuntes! :)
Michael
On Mon, 10 Apr 2000 [EMAIL PROTECTED] wrote:
> Michael,
> It sounds like the same thing I got hit by, the named exploit.
> Check in /var/named and see if there is a directory called ADMROCKS
> if so, grab the updated named, or dont run named.
> Portsentry wouldnt really stop this if you had named open anyway.
> And I suggest a bit of firewalling, and portsentry, if you like to watch logs.
>
>
> Sam
>
> P.S. Is it a good thing that RR is on the orbs list?
>
> ---------------------------------------------------------------------------
> Send administrative requests to [EMAIL PROTECTED]
>
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
