From: Jerry McBride
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Did I just get hacked???
Date: Sat, 10 Feb 2007 22:06:39 -0500

On Saturday 10 February 2007 09:27:10 pm Grant wrote:
> The contents of my /home/grant/vmware folder have suddenly
> disappeared. I haven't noticed anything else strange yet. I did
> configure and start shorewall for the first time yesterday instead of
> using a few iptables commands from the Gentoo Home Router Guide. I'm
> also running PenguinTV (a video RSS aggregator with an ebuild in
> bugs.gentoo.org) and transmission (a bittorrent client in portage) for
> the first time. My shorewall config is here:
>
> http://archives.gentoo.org/gentoo-user/msg_108375.xml
>
> What should I do next?
>
> - Grant

1 - if you aren't sure, then take it off the net until you are sure.

2 - view the log files in /var/log

3 - look at the contents and the file dates... see anything "not right"

4 - from a "rescue disk" of some merit and run chkrootkit or similar tool.

5 - did/are you running any internet services? Look at their log files with a
magnifying glass for "any" discrepancy...

--
Jerry McBride
--
gentoo-user@gentoo.org mailing list
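
An added example for the "file dates" step, not part of the original message: a directory's mtime changes whenever an entry in it is removed, so the emptied folder itself records roughly when its contents went away, and everything else modified around that moment is worth reading first. The function names and the `/mnt/suspect` mount point are assumptions, and GNU find, stat and date are assumed, as found on typical rescue disks.

```shell
#!/bin/sh
# Added example: run from a rescue environment with the suspect root
# filesystem mounted read-only (e.g. at /mnt/suspect, an assumed path).

# dir_mtime DIR
# Print DIR's modification time as epoch seconds. For an emptied
# directory this approximates when its last entry was removed.
dir_mtime() {
    stat -c %Y -- "$1"
}

# changed_near ROOT EPOCH MINUTES
# List everything under ROOT whose mtime lies within MINUTES of EPOCH,
# oldest first, as "epoch<TAB>local time<TAB>path".
# Note: mtime can be reset with touch(1), so treat an empty result as
# "nothing obvious", not as proof that nothing happened.
changed_near() {
    root=$1
    centre=$2
    window=$(( $3 * 60 ))
    from=$(( centre - window ))
    to=$(( centre + window ))
    find "$root" -xdev -newermt "@$from" ! -newermt "@$to" \
        -printf '%T@\t%TY-%Tm-%Td %TH:%TM\t%p\n' 2>/dev/null | sort -n
}

# Usage: sh triage.sh /mnt/suspect /mnt/suspect/home/grant/vmware [minutes]
if [ "$#" -ge 2 ]; then
    when=$(dir_mtime "$2")
    echo "directory last changed: $(date -d "@$when")"
    changed_near "$1" "$when" "${3:-30}"
fi
```

Compare the timestamps it prints against the entries in /var/log and the service logs for the same window.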