Linux Today: Linux News On Internet Time.

About.com: Have You Been Hacked?

May 05, 2000, 00:03 (0 Talkback[s])

"It is possible that many desktop Linux users have been hacked without even knowing so. Often, crackers won't do anything obviously harmful to a computer system, but will instead install a "back door" somewhere in the system so that they can come and go at will, using your system for their own purposes."

"...if you suddenly find yourself unable to log in at a console or through a telnet session, chances are you've been hacked. Also common is the presence of a new interactive user account at the end of the /etc/passwd file, complete with password, that you don't remember creating."

"The next thing to check for is the presence of root access in your logs. Working as the superuser, check for the text "uid=0" in your log files:

grep "uid=0" /var/log/*
"While you're at it, also check for a list of incoming connections, especially if you're working on a dialup desktop system where no incoming connections are expected:
grep "connect from" /var/log/*

Complete Story

Related Stories: