[Dshield] What passes for a server admin

Johannes B. Ullrich jullrich at euclidian.com
Mon Mar 28 15:22:48 GMT 2005

Sad indeed :-(. He mentions that he asked ServerBeach (the ISP) for 
help. I don't know them (ServerBeach), so I am not sure how they will 
respond. In most cases I would hope they will at least disconnect the 
system from the outside. From the sound of the message, it looks like 
the system is rooted. I don't expect that anything other than a rebuild 
from scratch will help. Most colocation facilities like ServerBeach will 
give you the option to hire someone by the hour to clean up a system like 
that, or to rebuild it. But a good cleanup would be very time consuming 
(if possible at all).

jayjwa wrote:
> I ran into this article while I was looking for something else. It 
> describes an admin talking to a forum of other server admins about 
> getting hacked. The guy has absolutely no clue what he's doing; he's 
> confirmed rooted, and scanning other servers, yet never does it occur 
> to him to pull the plug on the thing. All he says to the other admins is 
> 'sorry if my box is attacking yours'. Check out this article to see why 
> there are so many hacked servers on the 'Net today:
> http://forums.serverbeach.com/archive/index.php/t-2163.html
