Gentoo Archives: gentoo-user

From: Grant <emailgrant@×××××.com>
To: Gentoo mailing list <gentoo-user@l.g.o>
Subject: [gentoo-user] I've been hacked.
Date: Tue, 11 May 2010 04:59:30
1 I nmap'ed one of my remote Gentoo servers today and besides the
2 expected open ports were these:
4 1080/tcp open socks
5 3128/tcp open squid-http
6 8080/tcp open http-proxy
8 I'm not running any sort of proxy software that I know of and I should
9 be the only person whatsoever with access to the machine. 'netstat
10 -l' doesn't show any info on those ports at all so I suppose it's been
11 hacked as well? I installed and ran 'rkhunter --check' (what happened
12 to the chrootkit ebuild?) but it doesn't seem to be much use since I
13 hadn't established a "file of stored file properties".
15 What do you guys think is going on? What should I do from here?
17 - Grant


Subject Author
Re: [gentoo-user] I've been hacked. Mick <michaelkintzios@×××××.com>