[suse-security] SuSE 8.1 hacked?
I just got some services (mysql, postfix, cvs...) shut down, took a look at
/tmp, and found a miro.tgz and a "miro" executable.
On the executable you can read:
.-= Backdoor made by Mironov =-.
.-= Running =-.
I don't know how much this attack may have compromised the system.
Under /var/log/ there are no clues on how they may have entered,
/var/log/messages has been deleted.
Directories like /tmp or /var have changed permissions since the attack to 700.
Now ssh works really slow unless connected to Internet, and I feel very
uncomfortable about connecting this server again to the Internet.
The system is a SuSE 8.1, I had it a little forgotten lately, though.
Does anybody know anything about how they may have entered the system and how
can I arrange it? I'm seriously thinking about installing a SuSE 9.0, but
want to know what happened before doing anything.
Thanks in advance.