Old 1st July 2009
Carpetsmoker
Real Name: Martin

Some programs were executed.
psybnc is ``an easy-to-use, multi-user, permanent IRC-Bouncer'', not sure what it means.
It was executed under the name sshd to hide it.

I don't know what the other files are, but the filenames ``robotbsd.tgz'' and ``robotlinux.tgz'' don't sound very good; it was executed under the name ./[kupdateb] to hide it.

The intruder never had root access, right? (Through sudo).

If so, you can probably undo most harm by making sure there is nothing in this user's crontab and by rebooting the machine; anything the intruder executed will be shut down.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
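The post above describes programs run under borrowed names (sshd, ./[kupdateb]) to hide them. The following is an added example, not part of the original post, of how a defender could flag such processes by comparing the name a process displays with the binary it actually runs. The user name, paths and record layout are constructed assumptions; on Linux the real binary path could come from /proc/<pid>/exe.

```python
import os
import re

# Constructed sample records (not from the original thread), one per process:
# (pid, user, displayed_name, exe_path). displayed_name is what ps shows
# (argv[0], which the process itself controls); exe_path is the binary that
# is really running. None means no backing binary (a genuine kernel thread).
SAMPLE = [
    (1, "root", "/sbin/init", "/sbin/init"),
    (7, "root", "[kupdated]", None),
    (812, "root", "/usr/sbin/sshd", "/usr/sbin/sshd"),
    (4021, "webuser", "sshd", "/home/webuser/.tmp/psybnc"),
    (4077, "webuser", "./[kupdateb]", "/home/webuser/.tmp/robot"),
    (4102, "webuser", "-bash", "/bin/bash"),
]

# Names written like kernel threads, optionally with a leading "./".
KTHREAD_STYLE = re.compile(r"^(\./)?\[.*\]$")


def find_masquerading(records):
    """Return (pid, reason) for processes whose displayed name hides the binary."""
    findings = []
    for pid, user, shown, exe in records:
        if exe is None:
            continue  # genuine kernel thread: nothing on disk to compare
        if KTHREAD_STYLE.match(shown):
            findings.append((pid, "kernel-thread style name but runs " + exe))
            continue
        # Login shells are shown with a leading '-'; strip it before comparing.
        shown_base = os.path.basename(shown.split()[0].lstrip("-"))
        if shown_base != os.path.basename(exe):
            findings.append((pid, "shown as %s but runs %s" % (shown_base, exe)))
    return findings


if __name__ == "__main__":
    for pid, reason in find_masquerading(SAMPLE):
        print(pid, reason)
```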