How do I recover after my computer has been cracked?
If your Penn machine is cracked, Penn requires that you notify your IT support organization. Contact CETS if it is a SEAS machine. We will determine if other steps are required by Penn policy or by law.
If you suspect your machine has been cracked, please contact CETS immediately.
- Notify everyone with an account on the machine that their password has been compromised, and that they should change that password if they use it anywhere else.
- The next step is to secure the machine. The easiest way to secure the machine is to copy the disk, wipe it, and then re-install the OS from scratch and install all security patches for that version of the OS.
- Then re-create the active accounts, and carefully copy in the old files from backup. You need to be careful not to copy over any trojan horses left by the intruder. Non-executable files are generally safe, but config files, cron jobs, scripts, and executable files should be checked. Any setuid executables should be discarded or checked thoroughly.
- Now you can reconnect the machine to the net and scan it for security problems.
- Once you are back up and running, please follow the Linux/Unix best practices guide.
If the machine is on SEASnet, CETS needs to be confident that the machine is secure before we can let it back on the net. We can work with you to develop a plan.