Quoting Brian (tobytoo at black-hole.com):
> My system was hacked last night, I was shut down from 10 pm until about
> 9 this morning, when I rebooted I had a new account called pbadmin on my
> login screen, before I just blow this account away I would like to find
> out how he got into my system.  Any suggestions on how to back track
> him?
>   I'm running caldera 2.4edesktop, with a dsl connection through a cisco
> 675 and a netgear RT311 router.

Do you run tripwire?

Do you have *.debug in your syslog.conf being logged somewhere?

Do you run swatch?

Do you have swatch print to hardcopy any "unusual" things?

If they are good and you only syslog to your local machine with no hard copy, more
than likely all traces of the hack got erased.


-- 
Bob Tanner <tanner at real-time.com>       | Phone : (612)943-8700
http://www.mn-linux.org                 | Fax   : (612)943-8500
Key fingerprint =  6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9 
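
An added example, not part of the original message: a baseline comparison of the account file that reports an unexpected login such as the pbadmin account from the question, which is a much narrower check than tripwire's file integrity database. The function names, file names and all account data are constructed for illustration, and the baseline copy is assumed to be kept off the monitored machine.

```shell
#!/bin/sh
# Added example, not from the original thread. All account data is constructed.

# new_accounts BASELINE CURRENT
# Print login names present in CURRENT but not in BASELINE.
new_accounts() {
    awk -F: -v base="$1" '
        BEGIN { while ((getline line < base) > 0) { split(line, f, ":"); known[f[1]] = 1 } }
        $1 != "" && !($1 in known) { print $1 }' "$2"
}

# changed_accounts BASELINE CURRENT
# Print login names whose UID, GID, home directory or shell changed.
changed_accounts() {
    awk -F: -v base="$1" '
        BEGIN { while ((getline line < base) > 0) {
                    split(line, f, ":"); old[f[1]] = f[3] ":" f[4] ":" f[6] ":" f[7] } }
        ($1 in old) && old[$1] != $3 ":" $4 ":" $6 ":" $7 { print $1 }' "$2"
}

# write_sample DIR
# Write a constructed baseline and a constructed post-incident passwd file.
write_sample() {
    cat > "$1/passwd.baseline" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/bin/false
brian:x:500:500:Brian:/home/brian:/bin/bash
EOF
    cat > "$1/passwd.current" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/bin/bash
brian:x:500:500:Brian:/home/brian:/bin/bash
pbadmin:x:501:501::/home/pbadmin:/bin/bash
EOF
}

# Demo run on the constructed files.
dir=$(mktemp -d)
write_sample "$dir"
echo "new accounts:     $(new_accounts "$dir/passwd.baseline" "$dir/passwd.current")"
echo "changed accounts: $(changed_accounts "$dir/passwd.baseline" "$dir/passwd.current")"
rm -rf "$dir"
```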

