This system has a VERY secure root password, and does allow root SSH using a password. They seem to have compromised a user account that does not have sudo privs. They DID delete root's bash_history, but not the compromised user's history, so I have a list of websites that they downloaded IRC bots from. What to do next? Post details of .bash_history here? We're still trying to determine their method of access to root.