Date:  Thu, 30 Jul 2009 10:41:55 +0200
From:  Taco Scargo <taco (at mark) scargo.nl>
Subject:  [coba-e:15850] Re: [LIKELY_SPAM]Root exploit on Blue Quartz
To:  coba-e (at mark) bluequartz.org
Message-Id:  <F8C0A438-9892-4429-BC33-1881AE8444E7 (at mark) scargo.nl>
In-Reply-To:  <4A713F25.7000801 (at mark) monostar.net>
References:  <E776AF61EE604DC3BC41E9AB2D91AAA2 (at mark) HP9925NR> <200907300403.10254.bq (at mark) solarspeed.net> <00f101ca10c1$5b83fe70$6401a8c0 (at mark) HPPAVILION> <4A713F25.7000801 (at mark) monostar.net>
X-Mail-Count: 15850

Or stop using Windows/Internet Explorer all together.
I am 100% sure this person knew your admin password.
He (or she) also must have used BQ before, else one does not use the  
gui to create a user.
He could have logged in using ssh right away with the admin account.  
Why go through the trouble of creating another account.

Are you 100% confident you are the only one that knows the password ?  
Never requested help from someone ?

On 30 jul 2009, at 08:35, Kristian Eklund wrote:

>
>> I looked in the admserv logs and saw where he just logged in and  
>> created a
>> user.  How did they get my password?  It's not an easy password and  
>> I only
>> use on my server and home router, no where else.  Packet sniffers?   
>> Is there
>> a way to tell if you have password sniffers/keystroke loggers on your
>> computer?
>
> A good (and updated) antivirus program often finds them. But you  
> cannot be sure until you do a fresh Windows install and check your  
> keyboard cables..
>
>
> /Kristian
>