Was I hacked?

Subject: Was I hacked?
From: Israel Alvarez (is@isaka.net)
Date: Thu Aug 17 2000 - 11:34:12 MDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Kelsey Damas: "Re: Was I hacked?"
• Previous message: Stefan Schneider: "RE: Linux as fileserver"
• Next in thread: Kelsey Damas: "Re: Was I hacked?"

When I telnetted into my YDL server this morning, I was greeted by this:

"Last login: Wed Aug 16 11:31:58 from
ip-64-63-37-99.reverse.mobilenetics.com"

no one but me should be accessing this machine, and I don't recognize the
domain or the ip (I assume it is 64.63.67.99).

I did a find / -mtime 1 to find files modified in the last day, and saw
nothing suspicious, but I don't know if there's a way of spoofing that. Any
suggestions? Should I take my server down for a few days? Is there some
software I can install to block/track possible attacks? Or is this even
really a cracker?

I don't want my machine to wind up being part of someone's DDOS attack.

-- 
Israel Alvarez
is at isaka dot net
propellerhead without portfolio
isaka studio
"The crimes of eBay are a disgrace to its pig latin heritage" 

• Next message: Kelsey Damas: "Re: Was I hacked?"
• Previous message: Stefan Schneider: "RE: Linux as fileserver"
• Next in thread: Kelsey Damas: "Re: Was I hacked?"

This archive was generated by hypermail 2a24 : Thu Aug 17 2000 - 11:36:10 MDT