TCLUG Archive

Re: [TCLUG:12807] bad day (more details)



> > However, in case it hasn't been mentioned already, don't, don't, DON'T try
> > to repair the damage on this server.  The only way you'll be sure your
> > unwelcome guest hasn't left behind some trapdoor into the system is to
> > totally wipe the hard drive and start over (backups of non-system files may
> > be OK, like your website, or the contents of your FTP site, but you'll want
> > to make *very* sure those haven't been tampered with either).  Or, if you
> > prefer, get a new set of drives and keep the old ones as evidence.  Changing
> > the passwords is *not* enough.  Even restoring from backup may not work if
> > the backup was taken after the system was first entered.

You also want to learn exactly what happened, so you don't just get hit
again. Best you can do is learn from it...