08-25-2007, 02:09 PM
Quote: So the box has been compromised, backdoor installed and it's been converted to a zombie. The attacker made several mistakes allowing him to be detected:
* Forgot to wipe out root's .bash_history.
* Wiped out everything under "/var/log/*", including directories which several programs relied on, thereby causing them to refuse to start. Now, why did he do that? This certainly was stupid.
* Changed the root password. Another bummer. Never ever change the root password. This surely will catch the attention of a sysadmin...
Full article: http://blog.gnist.org/article.php?story=...ayCracking