Hi Paul, Calling the ISP will help. They won't "get" the guy, only slap his wrist. The biggest, ultimate effect of calling the ISP would be sending him a warning email. ISPs will never forward you any personal info, except if you're a government investigator. And if an investigator gets involved the damage has to be substantial (millions). Don't talk about evidence, and don't blow things out of proportion, this is just a simple mischief, happens to everyone. And patch that ftpd. -Bojan Disclaimer: Obviously my opinions don't reflect the company's. If they did I'd be the CEO. Paul Tan wrote: > Hello experts, > > I am helping a friend who got hacked last few days. > Below is the logs from /var/log/messages, i managed to get the logs > from the "last" command too. Is this sufficient info to call their ISP > and get that guy? > > Rgds, > Paul > > If you need more evidence i can produce eg. rootkits and stuff i found > on the webserver. > <snip> ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Sep 25 2001 - 13:20:12 PDT