I am hacked

Post by Jim LaSal » Fri, 31 Jul 1998 04:00:00



Someone has hacked into our Red Hat Linux 5.0 server. It looks like
they log in as "nobody". The logs show the root password changed by
uid=99.  The following banner appears when logging into the server. I
don't know what the hacker has done. I suspect the 'CREATE_HOME' is
the back door he created. Can someone help?

Red Hat Linux release 5.0 (Hurricane)
Kernel 2.0.32 on an i486
configuration error - unknown item 'CREATE_HOME' (notify administrator)


1. Am I being hacked?

Hi, I haven't read my /var/logs/messages in quite some time as
everything was peachy for a very long time (I know that's bad). Now they
are full of this:

Aug 19 19:20:35 tanpfl1-ar3-233-118 kernel: Packet log : Input -eth0 PROTO=6 205.188.140.249:80 4.34.233.118:61015 L=40 S=0x00 I=53497 F=0x0000 T=40 (#1)

These lines appear 3 times in one second with the same IPs for a while
and then it will be another IP and different port. My IP stays the same,
4.34.233.118. I have ADSL but don't leave my computers on all the time.
I scroll through thousands of lines and see when I shut down and
immediately after starting up the next day these lines appear again.
Same IPs for a while and then more of them over and over, 3 times a
second. My messages.1, messages.2 etc. are huge!!! There is nothing in
secure at all or secure.1 .2 .3 etc. I am running RH 7 as an ipchains
firewall/gateway. I went to grc.com and all my ports are stealth. This
is my home network. I thought I was secure but I guess I missed
something. Any input would be welcome.

Thank you
--Michael-
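
An added example, not part of the original posts: a parser for the ipchains "Packet log" line quoted above that counts logged packets per remote endpoint and rule, which makes thousands of such lines reviewable. The function names and every sample line other than the first are constructed for illustration.

```python
import re
from collections import Counter

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}  # IP protocol numbers

# ipchains log fields: chain, action ("-" for a rule with no target),
# interface, PROTO, src:port, dst:port, L=length, S=TOS, I=IP id,
# F=fragment field, T=TTL, (#rule number).
LINE_RE = re.compile(
    r"Packet log\s*:\s*(?P<chain>\S+)\s+(?P<action>\S*?)\s*(?P<iface>[a-z]+\d+)\s+"
    r"PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>\d+(?:\.\d+){3}):(?P<sport>\d+)\s+"
    r"(?P<dst>\d+(?:\.\d+){3}):(?P<dport>\d+)\s+"
    r"L=(?P<length>\d+)\s+S=(?P<tos>0x[0-9A-Fa-f]+)\s+I=(?P<ipid>\d+)\s+"
    r"F=(?P<frag>0x[0-9A-Fa-f]+)\s+T=(?P<ttl>\d+)(?:\s+\(#(?P<rule>\d+)\))?"
)

def parse_line(line):
    """Return the fields of one ipchains log line as a dict, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None  # not a packet-log line (other syslog traffic)
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ipid", "ttl"):
        rec[key] = int(rec[key])
    rec["rule"] = int(rec["rule"]) if rec["rule"] else None
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    return rec

def summarize(lines):
    """Count logged packets per (protocol, remote ip, remote port, rule)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            counts[(rec["proto_name"], rec["src"], rec["sport"], rec["rule"])] += 1
    return counts

HOST = "Aug 19 19:20:35 tanpfl1-ar3-233-118 "
TAIL = " 4.34.233.118:61015 L=40 S=0x00 I=%d F=0x0000 T=40 (#1)"
SAMPLE = [  # first line is from the post (re-joined); the rest are constructed
    HOST + "kernel: Packet log : Input -eth0 PROTO=6 205.188.140.249:80" + TAIL % 53497,
    HOST + "kernel: Packet log : Input -eth0 PROTO=6 205.188.140.249:80" + TAIL % 53498,
    HOST + "kernel: Packet log : Input -eth0 PROTO=6 205.188.140.249:80" + TAIL % 53499,
    HOST + "kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.10:53 "
           "4.34.233.118:1025 L=34 S=0x00 I=18 F=0x0000 T=254 (#2)",
    HOST + "syslogd 1.3-3: restart.",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```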
