This article describes how we discovered an intrusion in our server (kewl), gathered intrusion elements and the deduced strategy of the attackers. It is publicly released because it may be of some interest for administrators. Please use it for Good Purposes.

Introduction

We have a server hosting several associations. It is a Debian Sarge system, using as often as possible debian packages -- for the strength and global policies of the community. As of today, Debian Sarge is in the (…)