Hello,
I am running postfix 2.3 on Debian 4.0 and I got hacked. I can see multiple attempts to connect to gmail and visi.com for some reason. I thought I was pretty good about doing updates and keeping up on patches.
I have the box blocked off now but what I want to do is forensically find out what happened. Can anyone give me some tips on how to tackle this?
I have checked the history command and see nothing that I have not done, so I don't think it was rooted. One thing odd is clamav has the CPU pegged at 98%, but that is not too odd since this is an NSLUS (SLUG) running Debian.
Being owned sucks...
Thanks,
Pete