[Dshield] team amber alert server compromised

John Groseclose iain at caradoc.org
Sat Aug 19 23:55:50 GMT 2006

At 11:23 PM +0000 8/19/06, Family Beistle wrote:
>I am just now logged into the server but have made no changes ...

Unfortunately, simply logging into the server has introduced changes, 
unless you have absolutely no logging going on. In such cases, a 
safer bet is to shut down the machine and mount the drive read-only 
after booting from a different drive.

Inter spem curamque, timores inter et iras
Omnem crede diem tibi diluxisse supremum:
Grata supervenient, quae non sperabitur hora.
De inimico non loquaris sed cogites
Spam Delenda Est

More information about the list mailing list