On Wed, Aug 20, 2003 at 09:03:28PM -0500, PHPTOm wrote:
>I think I have found the answer to my problems. I got into a shell using
>disc 1 of the installation cds. I switched to super user mode and saw
>various commands in the history that were not mine. Someone got in earlier
>this week and did some bad things to my system. Below is the history if
>anyone is interested in seeing what they were up to. Any explanation of
>what they did is welcome. It was pretty much a fresh install, so I wiped
>the disc and I am reinstalling. I think I need to learn much more about
>security.

<*snip-kiddie*>

I would certainly recommend getting a firewall set up before you rebuild
that box. Chances are good that what you installed the first time will
still be vulnerable when you install it the second and third times.

If you are new to computer security in general, you should never, ever,
put a computer on the internet without a firewall before it. That said,
you should never put a computer on the internet without said box having
some defensive measures in place, and/or behind some sort of a firewall.

Especially if you are a home user with a cable or dsl modem or any type
of 'always on connection' you *must* have a firewall before your computer
or your LAN of computers.

There are many firewall solutions ranging from the $30 Linksys/D-Link
units you can buy, to Linux based solutions available freely on the
internet (most of which require very minimal hardware that you can
dumpster dive from your local alley :)).

I offer you, and all in your similar position, a very few links (besides
the implied http://google.com), and a great deal of encouragement:

Security Focus aka bugtraq
an excellent resource for all things security
http://securityfocus.com/

IP Cop
a very versatile Linux based firewall
http://ipcop.org

PicoBSD
a BSD based floppy firewall

Coyote Linux
a Linux based floppy firewall

I would also suggest that you subscribe to your distro's (Red Hat,
Debian, SuSe...) security or update mailing list. Subscribe to lots of
security mailing lists for that matter.

Keep asking questions and reading, and do some more reading and
google'n, ask a few more questions. Lather, rinse, repeat. In no time
you will be intelligently answering security questions yourself :)

--
Linux Administrator || Technology Specialist || Wifi Engineer
http://autonomous.tv/~spencer/resume/ || spencer at autonomous.tv
Key fingerprint = 173B 8760 E59F DBF8 6FD2 68F8 ABA2 AB08 49C7 4754