Alfred von Campe wrote:
My home system has been hacked. It's running CentOS 4.4, and I
recently added an account to play around with Samba shares to back up
PCs here at home. I had set a weak password for that account and
forgot to disable it after my testing. I could hear the disk being
accessed constantly, so I knew something was up. I disabled the port
forwarding to my CentOS box on my Linksys router (only ports 22 and 80
were being forwarded).
if for sure only 22 and 80 were forwarded, then it wasn't Samba.
There's no default account I see here on my 4.4 boxes named backup, was
that something you'd created? some package you'd installed?
what was on your website? any canned php scripting or whatever?
re: cleanup... look very carefully for directories in odd places with
. names
I'd run rkhunter to see if tehre's any other well known root kits on
your system.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
