| 1 |
The previous message about his apache machine being hacked brings up a |
| 2 |
question I have. How does one tell they've been hacked from just looking |
| 3 |
at the logs? |
| 4 |
|
| 5 |
I know it depends on what service is running, but how do you know what |
| 6 |
to look for? Do you routinely scan logs? Is there some program that |
| 7 |
automatically scans logs for obvious things? |
| 8 |
|
| 9 |
Which brings me to another question. I've been getting some returned |
| 10 |
mails, that I know I didn't send, saying undeliverable mail to such and |
| 11 |
such (mostly from aol, hotmail, etc). This one particular returned email |
| 12 |
I got on my university account worries me a little more, because it got |
| 13 |
returned from another university mail server, saying the possibility the |
| 14 |
message contained a virus. How do I make sure this isn't coming from one |
| 15 |
of my home computers? |
| 16 |
|
| 17 |
It should be noted that my home network consists of my server (gentoo), |
| 18 |
laptop (gentoo 99%, winxp the other time), and a desktop that runs |
| 19 |
WinXP. My home network is behind a router, with only ssh port forwarded |
| 20 |
to the server. I used to use djbdns, until a ping to my domain once |
| 21 |
returned a 192 address, so I shut it down (will move to bind in the |
| 22 |
future). I only check email on gentoo laptop, so I'm thinking it's more |
| 23 |
likely than not that my email address is being spoofed. |
| 24 |
|
| 25 |
Tom |
| 26 |
|
| 27 |
|
| 28 |
-- |
| 29 |
gentoo-security@g.o mailing list |
Archives