FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo User

LinkBack Thread Tools
Old 05-11-2010, 04:58 AM
Default I've been hacked.

I nmap'ed one of my remote Gentoo servers today and besides the
expected open ports were these:

1080/tcp open socks
3128/tcp open squid-http
8080/tcp open http-proxy

I'm not running any sort of proxy software that I know of and I should
be the only person whatsoever with access to the machine. 'netstat
-l' doesn't show any info on those ports at all so I suppose it's been
hacked as well? I installed and ran 'rkhunter --check' (what happened
to the chrootkit ebuild?) but it doesn't seem to be much use since I
hadn't established a "file of stored file properties".

What do you guys think is going on? What should I do from here?

- Grant

Thread Tools

All times are GMT. The time now is 01:11 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org