
If you aren't certain that the attacker did not manage to gain root access, you should assume the worst.

So, power down, boot from a clean medium and do a full check, validating (debsums, tripwire, rdiff with a copy of a backup, etc.) every configuration and executable file out there. Or, to save time, just wipe everything out and quickly redeploy the services.
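A sketch of the debsums-style check mentioned above, as an added example that is not part of the original comment: run from the clean boot medium, it compares files under the mounted suspect root against dpkg-format `.md5sums` manifests. The function names, directory layout and sample package are assumptions, and the manifests are assumed to come from a trusted copy rather than from the suspect disk.

```python
import hashlib
import tempfile
from pathlib import Path

def md5_of(path):
    h = hashlib.md5()  # dpkg manifests use MD5; it is the format, not a choice
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_root(root, manifest_dir):
    """Return (package, path, problem) for every listed file that deviates."""
    root = Path(root)
    findings = []
    for manifest in sorted(Path(manifest_dir).glob("*.md5sums")):
        pkg = manifest.stem
        for line in manifest.read_text().splitlines():
            # dpkg format: "<md5hex>  <path relative to />"
            expected, _, rel = line.partition("  ")
            if not rel:
                continue
            target = root / rel
            # Manifests list regular files only; a symlink in that place could
            # also redirect the check to the rescue system's own filesystem.
            if target.is_symlink() or not target.is_file():
                findings.append((pkg, rel, "missing-or-not-regular"))
            elif md5_of(target) != expected:
                findings.append((pkg, rel, "modified"))
    return findings

def demo():
    # Constructed sample: a fake mounted root and one trusted manifest.
    with tempfile.TemporaryDirectory() as tmp:
        root, info = Path(tmp, "mnt"), Path(tmp, "trusted-info")
        (root / "usr/bin").mkdir(parents=True)
        info.mkdir()
        good = b"#!/bin/sh\necho ok\n"
        (root / "usr/bin/tool").write_bytes(good)
        (root / "usr/bin/login").write_bytes(b"tampered")
        lines = [
            f"{hashlib.md5(good).hexdigest()}  usr/bin/tool",
            f"{hashlib.md5(b'original').hexdigest()}  usr/bin/login",
            f"{hashlib.md5(b'x').hexdigest()}  usr/bin/gone",
        ]
        (info / "samplepkg.md5sums").write_text("\n".join(lines) + "\n")
        return verify_root(root, info)

if __name__ == "__main__":
    for finding in demo():
        print(*finding)
```

Files that no manifest lists (dropped binaries, cron entries, new accounts) are invisible to this check, which is why the comment also names tripwire and a diff against a backup.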
