[Dshield] team amber alert server compromised
beistle_jr at hotmail.com
Sat Aug 19 19:04:15 GMT 2006
Team Amber Alert is a nonprofit public charity ... My Linux server was taken over ... I am in need of advice on how to preserve the HD image to download it for forensic review prior to reload ... Ev1 was not very informative as they did not want to give advice to incur liability ... I am in hopes someone could donate time to help track down these hacks and scripters ... For now I am in damage control to determine level and swift measure to follow to restore secure services once again; for now I am preparing to slave the HD and place new restore on the virgin HD ... What to do with the poisoned HD and how to preserve the evidence to have if I can bring them to justice ... for now I am dealing with the exposed server and the lack of reasonable open source tools for Linux servers to remain secure ... thanks for Dshield and all who comment ... This is a notice that any who were attacked by our IP please advise and preserve copies of the material etc. please let me know ... at this point I have no clue the type of compromise but that a tmp folder was opened and operating code ... had disabled that so I believe the whole server must be compromised, passwords and all ... I will be offline shortly to stop further attacks while I clean up.
806 853 9400
Red Hat Linux server at EV1