Re: [SLUG] Help I got hacked!!

[Andy Eager <eagera@xxxxxxxxxxxxxxx>]

Thanks for that lovely piece of information.  I guess the key to the 
whole thing is to have a reasonably quick and easy way of installing 
from scratch without having to go through all the headaches associated 
with a 'clean install'.

Fortunately I keep all data backed up, so thats not a problem but having 
built the machine from scratch as a humble newbie only 6 months ago 
(.... I couldn't even spell Linux...) I've got stuff like nfs, ntp, 
named, samba etc, etc which all just 'evolved' over time. 

Wouldn't a reasonable compromise be to do the following:

verify each installed package:    rpm -V -a
(Now we know each package is OK)

for each file in all directories except home, do:   rpm -qif <filename>
(If it doesn't belong to any package then warn user)

The problem I have is that it will probably take me days to rebuild (and 
re-remember) everything I did over the past six months in terms of 
administration.  Then having done that, the same thing happens 
again..... (because I still don't know how they got in)


Andrew E.
( A desperate optimist who untill now, believed that all people (even 
hackers) were good )





Jeff Waugh wrote:

> You *need* to take the machine offline, and rebuild or replace it. This is
> the only safe way to deal with it (and not having it come back to bite your
> arse next rainy day).
>
> - Jeff