Message-ID: <49bf44f10709191843p465df443wc2ea477d6bc84d78@mail.gmail.com>
Date: Wed, 19 Sep 2007 18:43:28 -0700
From: Grant
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Hacked by association?
In-Reply-To: <20070919201840.21187125@zaphod.digimed.co.uk>

> > Last night my host sent out a message that their database had been
> > compromised. I contacted them this morning and it turns out that all
> > of their trouble tickets were exposed. I checked my records and
> > (stupidly) I had included my root password in an email to them about a
> > year ago. I (stupidly) hadn't changed the password since. I've
> > changed it now and rebooted the system, but what do you think? Do I
> > need to start this thing over?
>
> equery check sys-process/procps
> equery check sys-apps/coreutils

These check out.

> Make sure that none of the executable files have changed.
>
> Also, emerge and run app-forensics/rkhunter

chkrootkit reports no problems whatsoever which is actually kind of
weird as I remember some things being reported last time I ran it, but
I looked into them then and they weren't a problem. rkhunter reports
no problems but it says it couldn't determine the OS so MD5 checks were
skipped.

- Grant
--
gentoo-user@gentoo.org mailing list
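
Added example, not part of the original message and not gentoolkit's own code: a minimal checker for the `obj <path> <md5> <mtime>` records that Portage keeps in /var/db/pkg/<category>/<package>/CONTENTS, the data a check such as `equery check` compares installed files against. The function names and the throwaway sample tree are assumptions made for illustration. The records live on the same host as the files, so a clean result is only as trustworthy as that database and the tools reading it.

```python
import hashlib
import os
import tempfile

def parse_contents(text):
    """Yield (path, md5, mtime) for each 'obj <path> <md5> <mtime>' record.
    'dir' and 'sym' records carry no checksum and are skipped."""
    for line in text.splitlines():
        if line.startswith("obj "):
            # Paths may contain spaces, so split the two trailing fields from the right.
            path, md5, mtime = line[4:].rsplit(" ", 2)
            yield path, md5, int(mtime)

def md5_of(path):
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check(contents_text, root="/"):
    """Return [(path, problem)] for recorded files that no longer match."""
    problems = []
    for path, md5, mtime in parse_contents(contents_text):
        real = os.path.join(root, path.lstrip("/"))
        if not os.path.isfile(real):
            problems.append((path, "missing"))
        elif md5_of(real) != md5:
            problems.append((path, "md5 mismatch"))
        elif int(os.stat(real).st_mtime) != mtime:
            problems.append((path, "mtime mismatch"))
    return problems

def demo():
    """Constructed sample: a throwaway root with two files, one altered after recording."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        records = ["dir /bin"]
        for name in ("ps", "ls"):
            target = os.path.join(root, "bin", name)
            with open(target, "wb") as fh:
                fh.write(b"original " + name.encode())
            os.utime(target, (1190000000, 1190000000))
            records.append("obj /bin/%s %s %d" % (name, md5_of(target), 1190000000))
        with open(os.path.join(root, "bin", "ps"), "ab") as fh:
            fh.write(b" (altered)")  # simulate a replaced executable
        return check("\n".join(records), root)

if __name__ == "__main__":
    print(demo())
```

Pointing `root` at a read-only mount of the disk from known-good rescue media keeps the running system's own binaries out of the comparison.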