Message-ID: <49bf44f10709191136u7157bceet52b7b5b06ec9d6ac@mail.gmail.com>
Date: Wed, 19 Sep 2007 11:36:33 -0700
From: Grant
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Hacked by association?
In-Reply-To: <20070919131853.5f817b31@pascal.spore.ath.cx>
References: <49bf44f10709191109x58494aa3n3182cea59553d510@mail.gmail.com> <20070919131853.5f817b31@pascal.spore.ath.cx>

> > Last night my host sent out a message that their database had been
> > compromised. I contacted them this morning and it turns out that all
> > of their trouble tickets were exposed. I checked my records and
> > (stupidly) I had included my root password in an email to them about a
> > year ago. I (stupidly) hadn't changed the password since. I've
> > changed it now and rebooted the system, but what do you think? Do I
> > need to start this thing over?
> >
> > - Grant
>
> I think you should take a look at the programs that
> are running, and netstat -l, and see if anything is fishy.

I recognize everything in 'ps -ef' I think, but I've never really used
netstat before. Under "Active Internet connections" I don't recognize:

tcp localhost:10030
tcp *:snpp

I don't recognize most of the paths under UNIX domain sockets.
Anything particular I should look for?

- Grant
-- 
gentoo-user@gentoo.org mailing list
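
The listener review discussed in this thread, as an added example that is
not part of the original messages: a shell function that reads
`netstat -ltnp` output and reports every listening TCP port that is not on
an allowlist, with its exposure and owning process. The allowlist "22 80",
the function names and the sample output are assumptions constructed for
illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners that are not on an expected-port allowlist.
# Live use (as root, so -p can name the owning process):
#   netstat -ltnp | triage_listeners "22 80"
# -n prints numeric ports; without it netstat shows /etc/services names,
# e.g. "snpp" is simply port 444, whatever program is bound to it.

triage_listeners() {
    # $1: space-separated ports you expect to be listening (assumed allowlist)
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
            if (port in ok) next
            scope = (host == "127.0.0.1" || host == "::1") ? "loopback-only" : "network-reachable"
            # "-" means netstat could not see the owner (not root, or kernel socket)
            owner = ($7 == "" || $7 == "-") ? "owner-unknown" : $7
            print port, scope, owner
        }'
}

sample_netstat() {
    # Constructed sample output, not taken from the poster's machine.
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2101/sshd
tcp        0      0 127.0.0.1:10030         0.0.0.0:*               LISTEN      2277/exampled
tcp        0      0 0.0.0.0:444             0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2350/apache2
EOF
}

# Prints one line per unexpected listener: port, exposure, PID/program.
sample_netstat | triage_listeners "22 80"
```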