The previous message about his apache machine being hacked brings up a
question I have. How does one tell they've been hacked from just looking
at the logs?

I know it depends on what service is running, but how do you know what
to look for? Do you routinely scan logs? Is there some program that
automatically scans logs for obvious things?

Which brings me to another question. I've been getting some returned
mails, that I know I didn't send, saying undeliverable mail to such and
such (mostly from aol, hotmail, etc). This one particular returned email
I got on my university account worries me a little more, because it got
returned from another university mail server, saying the possibility the
message contained a virus. How do I make sure this isn't coming from one
of my home computers?

It should be noted that my home network consists of my server (gentoo),
laptop (gentoo 99%, winxp the other time), and a desktop that runs
WinXP. My home network is behind a router, with only ssh port forwarded
to the server. I used to use djbdns, until a ping to my domain once
returned a 192 address, so I shut it down (will move to bind in the
future). I only check email on gentoo laptop, so I'm thinking it's more
likely than not that my email address is being spoofed.

Tom

--
gentoo-security@g.o mailing list