From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1IY5Ht-0003iR-9A for garchives@archives.gentoo.org; Wed, 19 Sep 2007 19:32:42 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.14.0/8.14.0) with SMTP id l8JJN3G5016429; Wed, 19 Sep 2007 19:23:03 GMT Received: from mail.digimed.co.uk (82-69-83-178.dsl.in-addr.zen.co.uk [82.69.83.178]) by robin.gentoo.org (8.14.0/8.14.0) with ESMTP id l8JJIi5o011493 for ; Wed, 19 Sep 2007 19:18:45 GMT Received: from zaphod.digimed.co.uk (zaphod.digimed.co.uk [192.168.1.1]) by mail.digimed.co.uk (Postfix) with ESMTP id 787261C1473 for ; Wed, 19 Sep 2007 20:18:44 +0100 (BST) Date: Wed, 19 Sep 2007 20:18:40 +0100 From: Neil Bothwick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Hacked by association? Message-ID: <20070919201840.21187125@zaphod.digimed.co.uk> In-Reply-To: <49bf44f10709191109x58494aa3n3182cea59553d510@mail.gmail.com> References: <49bf44f10709191109x58494aa3n3182cea59553d510@mail.gmail.com> Organization: Digital Media Production X-Mailer: Claws Mail 3.0.1cvs7 (GTK+ 2.10.14; x86_64-pc-linux-gnu) X-GPG-Fingerprint: 7260 0F33 97EC 2F1E 7667 FE37 BA6E 1A97 4375 1903 Sender: neil@digimed.co.uk Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 Content-Type: multipart/signed; boundary=Sig_ArzNjxTpTQ6Q+7AzwN2IxAJ; protocol="application/pgp-signature"; micalg=PGP-SHA1 X-Archives-Salt: 4a0677f5-b6da-4e0e-96c9-ac6f29ffeb15 X-Archives-Hash: d14f8ab4e0e35c4a168d2827a26c51c4 --Sig_ArzNjxTpTQ6Q+7AzwN2IxAJ Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Wed, 19 Sep 2007 11:09:30 -0700, Grant wrote: > Last night my host sent out a message that their database had been > compromised. I contacted them this morning and it turns out that all > of their trouble tickets were exposed. I checked my records and > (stupidly) I had included my root password in an email to them about a > year ago. I (stupidly) hadn't changed the password since. I've > changed it now and rebooted the system, but what do you think? Do I > need to start this thing over? equery check sys-process/procps equery check sys-apps/coreutils Make sure that none of the executable files have changed. Also, emerge and run app-forensics/rkhunter --=20 Neil Bothwick Top Oxymorons Number 37: Sanitary landfill --Sig_ArzNjxTpTQ6Q+7AzwN2IxAJ Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) iD8DBQFG8XYTum4al0N1GQMRAkaLAJ4/5M4fNhIYKbzMbBl8Vx9mSJ74PQCeLxIU wqtvBDZnyfscVA9rgsyzWKs= =PuIb -----END PGP SIGNATURE----- --Sig_ArzNjxTpTQ6Q+7AzwN2IxAJ-- -- gentoo-user@gentoo.org mailing list