Hello everyone, I was recently given root access to a box by a friend, so that I could set up some web services and FTP access. Well, I logged in, and I found that it had been 'r00ted' by '31337 h4x0rz' more than once ;/ So I traced the one guy via his bot to one server, didn't say anything, just removed the accounts he made, so now all that's left is root. And I changed root's password.
Now the thing is, I'm pretty sure there is a backdoor, and the daemon they prolly exploited is still running ;/ (there were like 1000 processes running on this lil P2).
My idea is to format and re-install RedHat v9, but this time I wanna tell my friend what he needs and doesn't need to install. And I would like to make sure that ONLY ssh is the only thing that should auto-run on the box when it's started. And nothing in CRON either.
So really my question is, could someone please point me to a tutorial that would guide me to do a clean RedHat install w/ nothing in the CRONTAB auto-run files, and only SSH running?
Thank you very much,
Mikelo2k