The bane of any System Administrator, script kiddies crack into systems, usually to prove to their friends that they're "l33t" or to run an IRC bot. Luckily, they are generally as incompetent as they are annoying. It's amazing how much effort script kiddies go through to hide their tracks, even though they usually end up doing one or two stupid things that immediately reveals their presence. Some examples I've dealt with in my career:
  • Deleting /var/adm. Within five minutes we received cron messages with errors to that effect.
  • Replacing important system binaries. Tripwire catches this almost immediately.
  • Starting a warez site. What's the point? Warez sites consume so much bandwidth and disk space that they will be shut down within a few hours at the most.
  • Leaving files in /tmp. I look in /tmp frequently because I tend to make a mess of it myself. I quickly discover anything that isn't familiar.
It's also amusing how much effort they go through to cover their tracks, when they forget the obvious, like .bash_history files and the fact that the system syslogs to a remote log server.

Of course, this is a good thing. Imagine what it would be like if script kiddies were actually competent?