Great Thanks! Will try these suggestions.

Marv

Keith Keller wrote:
> On 2006-07-19, Marv Soloff <msoloff@worldnet.att.net> wrote:
>
>>Stock Slackware 10.2 install. Up about six weeks with rudimentary
>>password and login as root. This morning's session went fine, but I
>>must have picked up a bug or virus because I cannot log in again this
>>afternoon.
>
>
> "A bug or virus"? If it was an easily crackable root password, and your
> box was on the public internet, then you've probably been cracked. If
> that's the case, it's really safest to erase and reinstall. (Note, not
> just reinstall, but erase!)
>
> To verify that, boot off of known-good media and run something like
> chkrootkit.
>
> To prevent potential future cracks, disallow ssh in as root, and pick a
> strong password for root and any users you have.
>
>
>>Any ideas on how go get into the system? Rebooting with the
>>install disk and using "passwd" does not work.
>
>
> Rebooting with the install disk and using passwd sets the password for
> the ramdisk loaded into memory, not the password on your hard disk. To
> change the password on disk, mount your partitions (say under /mnt), run
> chroot /mnt, then try to run passwd (this procedure untested).
>
>
>>I really would not like
>>to rebuild this disk, but if I have to - I have to.
>
>
> If you can find convincing evidence that you've been cracked, then you
> have to. But don't overreact too much yet; it's possible that you just
> b0rked something along the line. IIRC the new FAQ has some helpful
> information to tell if you've been cracked; try
> http://www.therockgarden.ca/aolsfaq.txt and look for the entry "Help! I
> think I've been hacked!!!"
>
> --keith
>