Thank you for all the help
I have decided not to format/reinstall the OS, let me explain why
The server software that was compromised (once again, RealVNC) also runs on Windows. Judging by the files that were placed (Trojan .exe files) it seems that the cracker thought it was a Windows machine. The file was placed 4 days before I noticed the problem, leaving plenty of time for the attacker to run a local root exploit and gain complete control of my machine. It doesn't seem he attempted to do anything beyond downloading the trojan with Firefox and placing it on my KDE desktop.
IN CASE I AM WRONG: My hosts.deny contains "SSHD: ALL" and my hosts.allow contains 4 known IPs, therefore eliminating the cracker's chances of getting in through ssh. Root login is disabled. My firewall (a separate machine) blocks most other ports. I have changed my passwords, what else can he do to make use of my machine?
Slackware 11, when released very soon, will be when I reformat. Until then I am on high alert and I will be watching all logs.
I think I'll be okay.
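As an added example (not the poster's own code), the Python below emulates how tcpd evaluates the hosts.allow / hosts.deny pair described in the post and flags an ALL entry in hosts.allow that would silently override the "SSHD: ALL" deny rule; the four known addresses are constructed placeholders, since the post does not list them. Note that only services started through tcpd or linked with libwrap consult these files, so they do not guard a listener such as VNC unless it uses libwrap.

```python
import ipaddress

# Constructed stand-ins for the poster's files; the four "known" addresses
# are placeholders, since the post does not list the real ones.
HOSTS_ALLOW = """\
# admin workstations only
sshd: 192.0.2.10, 192.0.2.11, 198.51.100.5, 203.0.113.7
"""
HOSTS_DENY = "SSHD: ALL\n"

def parse_rules(text):
    """Return (daemon_list, client_list) per rule; comment lines, blank lines and
    the optional third 'shell command' field are ignored (IPv6 [..] form not handled)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        parts = line.split(":")
        if line.startswith("#") or len(parts) < 2:
            continue
        rules.append(([d.strip().lower() for d in parts[0].split(",")],
                      [c.strip() for c in parts[1].split(",")]))
    return rules

def client_matches(pattern, ip):
    """tcpd client patterns: ALL, 'net.' prefix, addr/mask or CIDR, exact address."""
    if pattern.upper() == "ALL":
        return True
    if pattern.endswith("."):                     # e.g. '192.0.2.' matches the whole /24
        return ip.startswith(pattern)
    if "/" in pattern:                            # '192.0.2.0/255.255.255.0' or '192.0.2.0/24'
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip

def access_granted(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """tcpd order: first hosts.allow match grants, then first hosts.deny match
    refuses, and a client matching neither file is let in."""
    for rules, verdict in ((parse_rules(allow), True), (parse_rules(deny), False)):
        for daemons, clients in rules:
            if (("all" in daemons or daemon.lower() in daemons)
                    and any(client_matches(c, ip) for c in clients)):
                return verdict
    return True

def allow_rules_granting_everyone(allow=HOSTS_ALLOW):
    """Audit: an ALL client entry in hosts.allow wins before hosts.deny is consulted,
    so it voids a 'sshd: ALL' deny rule. Returns the daemon lists of such rules."""
    return [daemons for daemons, clients in parse_rules(allow)
            if any(c.upper() == "ALL" for c in clients)]
```

Because hosts.deny only lists sshd, a daemon not named in either file (say in.ftpd) is still admitted from anywhere, which is why the separate firewall in the post matters for the other ports.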
