I've been hacked!

Hey,

Ive just discovered my Linux box got hacked, thanks to my ISP writing me a letter threatening disconnection.

I have his IP, and i want to find out what he's done - I'm pretty confident he didnt gain root access. Her'es some files:

[root@linuxserve m]# file darwin
darwin: Mach-O executable ppc
[root@linuxserve m]# pwd
/var/tmp/m
[root@linuxserve m]# ls
auto freebsd Lov3r_m3ch.seen mech.session unix3.users
China.seen [HK}TEAM.seen lover mech.set ZaHackers.seen
chyna.seen Kidy.seen Lover-bot.seen randfiles
cobrabot.seen L0v3-Guard.seen mech.levels unix1.users
darwin LinkEvents mech.pid unix2.users
[root@linuxserve m]# cd ..
[root@linuxserve tmp]# ls
m m.tgz private
[root@linuxserve tmp]# cd private
[root@linuxserve private]# ls
128.30.pscan.22 8w.0.pscan.22 go.sh pass_file.bak shelp.tgz
212.33.pscan.22 a pass1 pscan2 ss
24.126.pscan.22 checkroot pass1.save README.doc ssh-scan
82.50.pscan.22 core pass_file shelp vuln.txt
[root@linuxserve private]#

From that can i figure out what he's been up to?

Thanks!
Dan

 

 

 

 

Top