[NTLUG:Discuss] Eggdrop

[richard witt]

On Wed, May 6, 2009 at 3:49 PM, George Lass <george.lass at sbcglobal.net> wrote:
> Looks like I have left my ssh port open for a bit too long, and my old RedHat 9.0 (yes the original free RedHat) machine has been hacked.  I found a program called eggdrop running on it.  After securing my machine, I found a few web pages on eggdrop, calling it an IRC bot.  It *seems* like it might be harmless, but given that it had been running for a couple of weeks, I'm wondering what kind of damage it might have done, or what data it might have stolen.  Anyone have any previous experience with it?

Eggdrops are just that, irc bots. And because it was installed by
someone that hacked your system there is no telling what information
it might have stolen. I i would suggest you completely wipe that box
and start over. I would even be suspect of any data you might have on
there. Securing it will not be enough. Backup any data you might need
off of it and start over. There is no telling what else on that box
has been "rooted".