Security Incidents mailing list archives
Re: Hacked using vulnerable FTP daemon.
From: Patrick Andry <pandry () wolverinefreight ca>
Date: Tue, 25 Sep 2001 12:04:19 -0400
Paul Tan wrote:
Hello experts,

I am helping a friend who got hacked in the last few days. Below are the logs from /var/log/messages; I managed to get the logs from the "last" command too. Is this sufficient info to call their ISP and get that guy?

Rgds, Paul

If you need more evidence I can produce it, e.g. rootkits and stuff I found on the webserver.

<snip>

It is sufficient to call the ISP and have them tell the SAs of the other boxes that they have been hacked as well (due to the two IP addresses involved). Maybe with their logs you can find them, or find the next hacked machine in the chain. Aside from that, there are no real legal steps that can be successfully taken, unless you can prove that the chain of evidence wasn't broken.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com