The Hungarian link is still functional, so go get wtf.tgz. It's a real script kiddy's toolkit. There are even word dictionaries. It also has the shell script that was copied to the compromised account's directory. It may help you trace any changes made.
For the next time (I truly hope there won't be any), please enforce strict password policies, like setting a minimum length, with both lowercase and uppercase alphanumeric sets.
And check the handbook, part III (System Administration), especially chapters 13 to 17. There are many good security tips.
__________________
May the source be with you!
Last edited by Beastie; 1st July 2009 at 06:11 PM.