[ale] hacked indicator?

Terry Lee Tucker terry at esc1.com
Tue Nov 21 09:36:04 EST 2000


Hi:

My machine was hacked a couple years ago. One of the symptoms was that
several of the system commands like ls, ps, and others had been replaced
with the hacker's versions. I discovered this when I checked the size of
the ls command against the size of the ls command on another Linux box
that I knew wasn't hacked. The hacker's version was hiding the existence
of directories they had created. So, you may want to check the size of
some of those binaries. That's my only experience with it, so this may
or may not be of much help.

Later...

Wandered Inn wrote:
> 
> Call me paranoid, I don't know.  Here's the story.  On all the machines
> I've got the PS1 prompt set up to display 'id at machinename' so that if I
> ssh to another machine, I can tell at a glance what machine/id I'm
> running on that machine.  The other day, I ssh'ed into my firewall
> machine and the prompt displayed 'uid at machinename'.  I found this
> bizarre and thought maybe it was something to do with the way PS1 was
> set up, but when I execute 'id -un' it too returns the uid rather than
> the user name.  If I su to root, the prompt properly changes to
> 'root at machinename.'  The other id is a common id I use across all my
> machines for ssh access.  Once I'm connected, I su to root to do
> whatever I might need to do.
> 
> Question is, is it possible this is a side effect of being hacked?  I've
> been checking out the log files and such and cannot find anything else
> out of the ordinary.
> 
> Anyone seen a similar aberration?
> --
> Until later: Geoffrey           esoteric at denali.atlnet.com
> 
> "Great spirits have always found violent opposition from mediocre minds. The
> latter cannot understand it when a man does not thoughtlessly submit to
> hereditary prejudices but honestly and courageously uses his intelligence."
> - Albert Einstein
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

-- 
Sparta, NC 28675 USA
336.372.6812
http://www.esc1.com
The Gates of hell shall NOT prevail...
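
The size comparison described in the reply above, written as a script (an added example, not part of the original message). It also compares SHA-256 digests, since a replaced binary can be made the same size as the original; the function names and the manifest format are assumptions of this example.

```bash
#!/bin/sh
# Added example: check binaries on a suspect host against a manifest taken
# from a known-good host running the same release.

# Print "name size sha256" for each named binary found under directory $1.
make_manifest() {
    mm_dir=$1; shift
    for mm_name in "$@"; do
        [ -f "$mm_dir/$mm_name" ] || continue
        printf '%s %s %s\n' "$mm_name" \
            "$(wc -c < "$mm_dir/$mm_name" | tr -d ' ')" \
            "$(sha256sum "$mm_dir/$mm_name" | cut -d' ' -f1)"
    done
}

# Read a manifest on stdin and check directory $1 against it.
# Prints one line per discrepancy and returns 1 if any was found.
check_manifest() {
    cm_dir=$1
    cm_status=0
    while read -r cm_name cm_size cm_sum; do
        if [ ! -f "$cm_dir/$cm_name" ]; then
            echo "MISSING $cm_name"; cm_status=1; continue
        fi
        cm_cur_size=$(wc -c < "$cm_dir/$cm_name" | tr -d ' ')
        cm_cur_sum=$(sha256sum "$cm_dir/$cm_name" | cut -d' ' -f1)
        if [ "$cm_cur_size" != "$cm_size" ]; then
            echo "SIZE $cm_name expected=$cm_size actual=$cm_cur_size"
            cm_status=1
        elif [ "$cm_cur_sum" != "$cm_sum" ]; then
            # Size alone would have passed this file.
            echo "HASH $cm_name same size, different contents"
            cm_status=1
        fi
    done
    return "$cm_status"
}

# Entry point (script name and paths are examples):
#   known-good box:  sh bincheck.sh make /bin ls ps id > good.manifest
#   suspect box:     sh bincheck.sh check /bin < good.manifest
case "${1:-}" in
    make)  shift; make_manifest "$@" ;;
    check) shift; check_manifest "$@" ;;
esac
```

On a box where ls and ps may already be replaced, wc and sha256sum may be replaced too, so run the check with tools from read-only media or against the disk mounted on a clean system.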