[Techtalk] hacked on solaris
Shirrell
shirrell at pstat.com
Sun Aug 25 14:38:18 EST 2002
Our server, which is a Sun SPARC 5 running Solaris 5.7, has been
hacked. The symptoms are that the perfmeters (performance
meters) appear with a gravestone which has R.I.P on it and
the following message appears:
INIT command is resspawning too quickly
use SV /usr/bin/srload -D -q
The srload command seems to do nothing except complain that the
-D is invalid. I have restored the /sbin /usr/sbin /usr/bin
and /usr/lib directories from backups. This seemed to work
yesterday. This morning the problem reappeared and restoring
the same file systems has not cured the problem.
We are a very small company and are connected to the world
as briefly as possible to pick up mail and search the web.
I do not understand the mechanisms for such hacking.
It is obvious that we must finally move to Solaris 8 and put
up a good firewall, but in the meantime are there any suggestions
about how to fix the current problem as I cannot Rest In Peace
with that gravestone staring me in the face?
Shirrell at pstat.com