How to Recover from getting hacked
aquafeb16
09-22-2002, 01:14 PM
Hello,
My linux 6.2 got completely hacked. The hacker changed the password files. Now I have no access to root or any of the files. How do I recover my OS and the box to start performing again? Any suggestions would be greatly appreciated.
saithan
09-22-2002, 03:43 PM
In your situation there is really no telling what the hacker has already done to the machine; in your case a reinstall from scratch is recommended.
If you still want to get into the box as it is now, you will need to boot to single-user mode and type the passwd command. That will allow you to change your root password to whatever you like.
However, in your shoes I would format and reinstall. The hacker probably has that box backdoored worse than a jonesing crackwhore.
vttimwhite
09-22-2002, 03:45 PM
...backdoored worse than a jonesing crackwhore.
Dang! Is that as bad as it sounds?
aquafeb16
09-22-2002, 03:55 PM
Originally posted by vttimwhite
...backdoored worse than a jonesing crackwhore.
Dang! Is that as bad as it sounds?
Thanks for the reply. I am going to do a new install of Red Hat Linux 7.3. Any rating on Linux 7.3?
Also my box is offline for now. But when I try to put it online my ethernet port doesn't come out. There are no packets passing through, but when I do netstat -a I see there is a TCP and ICMP session established and the foreign address is covered.
saithan
09-22-2002, 03:55 PM
lol, ....
Well, from his description of the problem it sounds as though the box is completely rooted/owned.
If the hacker installed a good rootkit then there would be no real effective way for him to assess the damage:
Replaced netstat to hide the TCP or UDP listening or connected ports.
Redirected logs, or no functioning logs, to hide traces of damage.
Hidden user accounts.
And a lot more can be compromised.
No way to tell.
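The point about a replaced netstat is the one a practitioner can actually check before wiping the box. The script below is an added example, not something posted in this thread: it reads the kernel's own socket table from /proc/net/tcp, decodes the hex addresses, and lists local ports that the kernel knows about but a netstat report does not mention. A userland rootkit that swapped /bin/netstat cannot filter this view; a kernel-module rootkit still can, so a clean match only means no userland tampering was seen. The /proc/net/tcp table and the netstat port list embedded here are constructed for the demo, and the 10.0.2.x addresses are made up.

```shell
#!/bin/sh
# Added example (not from the thread): decode the kernel's TCP socket table and
# compare it with what a possibly trojaned netstat printed.
# The sample data below is constructed; the 10.0.2.x addresses are made up.

# Convert one /proc/net/tcp address field ("0100007F:0016") into "127.0.0.1:22".
# The kernel writes the IPv4 address as a little-endian 32-bit hex number and
# the port as a big-endian 16-bit hex number.
decode_addr() {
    hexaddr=$(printf '%s' "$1" | cut -d: -f1)
    hexport=$(printf '%s' "$1" | cut -d: -f2)
    o1=$(printf '%d' "0x$(printf '%s' "$hexaddr" | cut -c7-8)")
    o2=$(printf '%d' "0x$(printf '%s' "$hexaddr" | cut -c5-6)")
    o3=$(printf '%d' "0x$(printf '%s' "$hexaddr" | cut -c3-4)")
    o4=$(printf '%d' "0x$(printf '%s' "$hexaddr" | cut -c1-2)")
    printf '%s.%s.%s.%s:%s\n' "$o1" "$o2" "$o3" "$o4" "$(printf '%d' "0x$hexport")"
}

# Read /proc/net/tcp format on stdin; print "STATE local remote" for every
# listening or established socket (other states such as TIME_WAIT are skipped).
list_sockets() {
    while read -r sl laddr raddr st rest; do
        [ "$sl" = "sl" ] && continue          # header line
        case "$st" in
            01) state=ESTABLISHED ;;
            0A) state=LISTEN ;;
            *)  continue ;;
        esac
        printf '%s %s %s\n' "$state" "$(decode_addr "$laddr")" "$(decode_addr "$raddr")"
    done
}

# Extract only the local port numbers from list_sockets output.
local_ports() {
    awk '{ split($2, a, ":"); print a[2] }'
}

# Print local ports present in the kernel table but absent from the netstat
# report. Both arguments are newline-separated port lists.
hidden_ports() {
    kernel_ports=$1
    netstat_ports=$2
    for p in $kernel_ports; do
        printf '%s\n' "$netstat_ports" | grep -qx "$p" || printf '%s\n' "$p"
    done
}

# Constructed /proc/net/tcp contents: ssh and smtp listeners, one extra
# listener on 8080, one established ssh session and one TIME_WAIT entry.
SAMPLE_PROC_NET_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234 1 00000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1235 1 00000000 100 0 0 10 0
   2: 0F02000A:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1236 1 00000000 100 0 0 10 0
   3: 0F02000A:0016 0102000A:C3A1 01 00000000:00000000 00:00000000 00000000     0        0 1237 1 00000000 100 0 0 10 0
   4: 0F02000A:0016 0102000A:C3A2 06 00000000:00000000 00:00000000 00000000     0        0 0 3 00000000'

# Constructed: the local ports a tampered netstat showed (8080 is missing).
SAMPLE_NETSTAT_PORTS='22
25
22'

# Stand-alone demo on the constructed sample. On a live box, feed the real
# table instead:  list_sockets < /proc/net/tcp
printf '%s\n' "$SAMPLE_PROC_NET_TCP" | list_sockets
kernel=$(printf '%s\n' "$SAMPLE_PROC_NET_TCP" | list_sockets | local_ports | sort -un)
printf 'ports in kernel table missing from netstat output:\n'
hidden_ports "$kernel" "$SAMPLE_NETSTAT_PORTS"
```

On Red Hat the netstat binary itself can also be checked against the package database with `rpm -V net-tools`, keeping in mind that the rpm database lives on the same compromised disk. Neither check replaces the reinstall the thread recommends; they only help record what was altered before the disk is wiped.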
cage47
09-23-2002, 12:01 AM
Personally I would disable whatever internet connection you have (I mean physically: if you have DSL or cable, unplug it. If it's a dial-up, don't). Then find out what was compromised. Take notes to determine the exact package that got hacked (so it doesn't happen again) and THEN reinstall from scratch, making sure to format the partitions during install. That is the only sure-fire way. If you can get back in, back up any sensitive data first.
ThomasTraynor
09-23-2002, 01:32 PM
Sounds like you don't have much of a choice. I would not trust any software on your system until you rebuild the OS from scratch (preferably booting from a CD). A few hints from a paranoid:
a) Choose a good root password. At least eight characters and a minimum of one non-alpha somewhere in there. Don't pick a word from the dictionary, names of children, spouses, pets or dates... too easy for a hacker to break.
b) Use a normal ID with as few privileges as possible. Don't use ROOT as a normal ID!
c) Apply all of the security updates ASAP. (I check daily)
d) Back up your data files to at least one computer. (Personally I back up to a ZIP disk, a second machine and a CD-RW, but I am paranoid.)
e) Change all of your passwords on a regular basis. Don't give all your IDs the same password; make the SOBs work for access! (Even my wife does not have my passwords.)
f) There are excellent articles on security that describe the basics on securing your machine.
g) No security is 100%!!! All we can do is our best to minimize the damage and to hopefully identify the person(s) who rooted us and figure out how to plug the new hole.
h) There are packages out there that will probe your system to see how secure it is.
sharth
09-24-2002, 07:10 AM
That box is screwed. :( Do a fresh install and apply all those security patches quickly (as soon as you go online).
If you are using a static IP, see if you can have your ISP change it to something else, so our friend won't have direct access to the new computer that is up and running.