Re: [cobalt-users] RaQ4 R - Hack? Open port 1024, hbci and mIRFFOPRCE-2 Help needed
- From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
- Date: Sat May 4 08:49:26 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

"Hans Hoefer" <hans@xxxxxxxxx> wrote:
> I have no knowledge about Linux. If I can get help from one of you I'd
> need detailed help about the commands.
>
> Can someone help me with this, please.

Hans, you basically have two choices - detect, remove and replace everything
affected by the rootkit and the intruder or restore the system from the OS
restore CD. Since you say you have little Linux knowledge you may want to
hire a consultant with Linux security experience. I do a lot of Linux
security consulting and I have to say that I'd advise restoring the system
from the OS restore CD since the first option can be difficult,
time-consuming and not always completely effective. In any case, if you do not
have a security solution in place, there will still be nothing to prevent
another intruder from gaining access. You can search the archives or Linux
tutorial sites (search google.com) to find basic instructions on how to
install programs like chkrootkit, lionfind, ipchains, logsentry, portsentry,
lcap, tripwire, snort, etc., but it will still probably prove daunting; many
of the programs will need to be customized for your needs and you'll need to
learn how to use them and interpret the output that some generate. You'll
probably either need to spend quite a bit of time learning Linux server
administration or you'll probably be well-served hiring a consultant.

If you don't have a copy of the OS restore CD you can get the ISO images
online at ftp://ftp.nl.cobalt.com/pub/iso/ and burn your own copy. In any
case, please strongly consider implementing a security solution and a good,
tested backup and recovery system if you do not have these in place. It
almost always pays in the long run to have them in place. My 2 cents. Good
luck.
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/