Fedora: This forum is for the discussion of the Fedora Project.
Hi all, several of my home machines (all running Fedora Core 3) have been hacked and I want to know what to do to get rid of all the malicious things left behind. I believe it is because one of the users has a weak password and the hacker entered that account, then ran a bunch of ssh port scans and probably many other things. I have disabled that user account, killed all his processes, changed the root password and run chkrootkit on the machine, and it reports some problems still around. The machine is now offline.
Basically I need your guidance in recovering from this without a complete reinstall. Thanks in advance.
... snippet of the report from chkrootkit:
Checking `bindshell'... INFECTED (PORTS: 4000)
Checking `lkm'... chkproc: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 3460 tty4 /sbin/mingetty tty4
! root 3462 tty5 /sbin/mingetty tty5
! root 3464 tty6 /sbin/mingetty tty6
chkutmp: nothing deleted
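Added example, not part of the original post: a small Python triage parser for the chkrootkit excerpt quoted above. It pulls out the INFECTED findings with their ports (the bindshell on 4000 that needs confirming against a live socket listing) and the chkutmp orphan processes, tagging the mingetty entries as a likely false positive since getty processes normally have no utmp entry. The sample report is constructed from the excerpt above and the getty heuristic is an assumption of this example.

```python
import re

# Constructed sample: the chkrootkit excerpt quoted in the post above.
SAMPLE_REPORT = """\
Checking `bindshell'... INFECTED (PORTS: 4000)
Checking `lkm'... chkproc: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
Checking `w55808'... not infected
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 3460 tty4 /sbin/mingetty tty4
! root 3462 tty5 /sbin/mingetty tty5
! root 3464 tty6 /sbin/mingetty tty6
chkutmp: nothing deleted
"""

CHECK_RE = re.compile(r"^Checking `(?P<test>[^']+)'\.\.\. (?P<result>.*)$")
PORTS_RE = re.compile(r"INFECTED \(PORTS:\s*([\d ,]+)\)")
UTMP_RE = re.compile(r"^! (?P<ruid>\S+) (?P<pid>\d+) (?P<tty>\S+) (?P<cmd>.+)$")
GETTY = ("/sbin/mingetty", "/sbin/agetty", "/sbin/getty")  # assumed benign login daemons

def parse_chkrootkit(text):
    """Return (infected, utmp_orphans): infected maps test name -> list of ports
    (empty when no port was reported); utmp_orphans lists the processes chkutmp
    could not match to a utmp entry, each tagged as a likely getty false
    positive or as needing manual review."""
    infected, orphans = {}, []
    for line in text.splitlines():
        m = CHECK_RE.match(line)
        if m and "INFECTED" in m.group("result"):
            p = PORTS_RE.search(m.group("result"))
            ports = [int(x) for x in re.findall(r"\d+", p.group(1))] if p else []
            infected[m.group("test")] = ports
            continue
        m = UTMP_RE.match(line)
        if m:
            cmd = m.group("cmd")
            orphans.append({"pid": int(m.group("pid")), "tty": m.group("tty"),
                            "cmd": cmd, "likely_benign": cmd.split()[0] in GETTY})
    return infected, orphans

def ports_to_verify(infected):
    """Ports chkrootkit flagged; confirm them against a live socket listing
    (e.g. netstat -tlnp) before treating the host as clean."""
    return sorted({p for ports in infected.values() for p in ports})
```

The bindshell port is the finding to take seriously here; the chkutmp lines are reported for every run where gettys hold virtual consoles without a utmp record.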
Please do not post the same thread in more than one forum. Picking the most relevant forum and posting it once there makes it easier for other members to help you and keeps the discussion all in one place.