Well said! Quote:
Crimina1
well that was REAL helpful, wasn't it? <-----Spineless Coward
The hacker (don't know if it's the same one) tried again, only this time my firewall stopped him, so I got an IP number. I noticed he/she was port scanning me, so I took the IP and sent an email to the ISP. They said the issue should be resolved shortly and there haven't been any attacks since. I hope this resolves the whole issue, but I'm still wondering how he/she got in the first time :confused: And if there's a trace somewhere else than the logs?
Thanks for all the help
There could be traces of the hacker still. Check the modification dates and times of all executable files, and compare the checksums, if you know what the original checksums were, or can find out.
You should pay particular attention to su, ifconfig, and the netstat executable files, and check in xinetd.conf for any unusual entries, or services that you didn't specifically start.
Of course, this might not apply to OSX. I've no experience with it, and am just assuming it is still sufficiently unix-like.
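The check suggested in the post above, as an added example that is not from any poster in this thread: record SHA-256 hashes and modification times of the named files while the system is known good, then compare later. The paths in `WATCHED` are assumptions and differ between systems; keep the baseline off the machine, because timestamps can be forged and the hash is the authoritative signal.

```python
import hashlib
import json
import os

# Files named in the post above; these paths are assumptions, adjust per system.
WATCHED = ["/bin/su", "/usr/bin/su", "/sbin/ifconfig", "/bin/netstat",
           "/usr/sbin/netstat", "/etc/xinetd.conf"]


def fingerprint(path):
    """Return SHA-256, size and mtime for one file, or None if absent or unreadable."""
    try:
        st = os.stat(path)
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
    except OSError:
        return None
    return {"sha256": digest.hexdigest(), "size": st.st_size,
            "mtime": int(st.st_mtime)}


def snapshot(paths):
    """Record a baseline; store the result on read-only or offline media."""
    return {p: fingerprint(p) for p in paths}


def compare(baseline, paths=None):
    """Return (path, finding) for every file that differs from the baseline."""
    findings = []
    for path in (paths or sorted(baseline)):
        old, new = baseline.get(path), fingerprint(path)
        if old is None and new is None:
            continue
        if old is None:
            findings.append((path, "appeared"))
        elif new is None:
            findings.append((path, "missing"))
        elif old["sha256"] != new["sha256"]:
            findings.append((path, "content changed"))
        elif old["mtime"] != new["mtime"]:
            # Same bytes, new timestamp: touched or restored, worth a look.
            findings.append((path, "mtime changed"))
    return findings


if __name__ == "__main__":
    print(json.dumps(snapshot(WATCHED), indent=2))
```

Run it from trusted media where possible, since an interpreter or library on a compromised host can itself be altered.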
Sorry...it was I who hacked your system. I used the very little known 'flux-capacitor' exploit. I'll stop now. :D
http://www.atstake.com/research/tools/task/
TASK is a post-incident forensic toolkit brought to you by our good friends at @stake. Yes, it compiles on OS X.
This oughta help you gather some evidence of what happened.