Hi,
My system has been hacked. I have already tried a few commands, like:
last -> didn't find any IP address other than mine
/var/log/messages -> didn't find any IP address that successfully logged in other than mine
I've tried rkhunter, but didn't find any rootkit in my system
I've tried history -> didn't find any suspicious command
I've tried to cat /etc/passwd -> didn't find any suspicious user
My only trace that my system has been hacked is in the binary SQL log, as generated by mysqlbinlog:
# at 22572431
#070411 12:02:22 server id 1 log_pos 22572431 Query thread_id=3239 exec_time=0 error_code=0
SET TIMESTAMP=1176292942;
insert into user (userid,username,userpassword,usertype) values ('admin','admin','admin','pusat1');
# at 22572574
#070411 12:02:22 server id 1 log_pos 22572574 Query thread_id=3239 exec_time=0 error_code=0
SET TIMESTAMP=1176292942;
delete from embassy;
He inserted an admin user and deleted my table.
Currently I'm using Slackware 10.1 and MySQL 4.1.
Please advise.
Thanks
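
Added example, not part of the original post: both statements quoted above share thread_id=3239, so grouping the mysqlbinlog text output by thread_id shows everything that one connection did and when. The Python sketch below parses the layout quoted in the post; the sample input is constructed, and the flagging rules (including treating `user` as the application's account table) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: thread 3239 lines are from the post, thread 3101 is invented.
SAMPLE = """\
# at 22572200
#070411 11:58:10 server id 1 log_pos 22572200 Query thread_id=3101 exec_time=0 error_code=0
SET TIMESTAMP=1176292690;
update visitor set visits=visits+1 where id=7;
# at 22572431
#070411 12:02:22 server id 1 log_pos 22572431 Query thread_id=3239 exec_time=0 error_code=0
SET TIMESTAMP=1176292942;
insert into user (userid,username,userpassword,usertype) values ('admin','admin','admin','pusat1');
# at 22572574
#070411 12:02:22 server id 1 log_pos 22572574 Query thread_id=3239 exec_time=0 error_code=0
SET TIMESTAMP=1176292942;
delete from embassy;
"""

HEADER = re.compile(r"^#(\d{6}\s+\d{1,2}:\d{2}:\d{2})\s+server id\s+\d+\s+log_pos\s+(\d+)"
                    r"\s+Query\s+thread_id=(\d+)")
# Assumed heuristics; "user" is taken to be the application's account table.
SUSPICIOUS = [
    ("delete without WHERE", re.compile(r"^delete\s+from\s+(?!.*\bwhere\b)", re.I | re.S)),
    ("drop/truncate", re.compile(r"^(drop|truncate)\s", re.I)),
    ("write to user table", re.compile(r"^(insert\s+into|update)\s+`?user`?\b", re.I)),
]

def parse_events(text):
    """Yield (when, log_pos, thread_id, statement) for each Query event."""
    current, stmt = None, []
    for line in text.splitlines() + ["# at end"]:  # sentinel flushes the last event
        m = HEADER.match(line)
        if m or line.startswith("# at "):
            if current and stmt:
                yield (*current, " ".join(stmt))
            current = (m.group(1), int(m.group(2)), int(m.group(3))) if m else None
            stmt = []
        elif current and not line.startswith(("#", "SET TIMESTAMP=")):
            stmt.append(line.strip())

def flag_threads(text):
    """Map thread_id -> (sorted reasons, all its events) for connections with a flagged statement."""
    by_thread = defaultdict(list)
    for when, pos, tid, sql in parse_events(text):
        by_thread[tid].append((when, pos, sql))
    hits = {t: sorted({n for _, _, s in ev for n, rx in SUSPICIOUS if rx.search(s)})
            for t, ev in by_thread.items()}
    return {t: (r, by_thread[t]) for t, r in hits.items() if r}
```

The timestamps of a flagged thread's first and last events give the window to compare against web server and application logs, since a connection made by the application itself appears in the binary log without a remote address.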