Thread: Hacked!!!
View Single Post
  #3  
Old 2nd March 2010, 00:00
SamTzu SamTzu is offline
HowtoForge Supporter
 
Join Date: Apr 2007
Location: Helsinki
Posts: 438
Thanks: 34
Thanked 56 Times in 39 Posts
Send a message via Skype™ to SamTzu
Default

(Uups spoke too soon!! Looks like Ubuntu 8.04 LTS / ISPConfig 2's are also vulnerable.)
Also found them in Debian 5.0.3 / ISPConfig 3's so far.

If your server has been used to hack other servers you can see something like this in 'name'.seen file.

server.name.com none 1267130228 2 Quit: I'll get you for this!!!
m1n2b3b3b m1n2b3b3b!~l3iliboi@161.253.129.67 none 1267471837 3 l3iliboi--
l3iliboi`- l3iliboi`-!~l3iliboi@l3iliboi.users.undernet.org none 1267392327 3 l3iliboi
l3iliboi l3iliboi!~l3iliboi@l3iliboi.users.undernet.org none 1267426060 2 Read error: Operation timed out

Also crontab -e will show your crontab emty execpt a command that will call /usr/lib/.x/update file.
__________________

Sami Mattila
Internet-Content

Telephone:
00358942833310
Email: firstname.lastname@internet-content.org
Shop: http://shop.internet-content.net
Site: http://www.internet-content.net
Blog: http://www.internet-content.net/en/blog
FB: https://www.facebook.com/internetcontent


Last edited by SamTzu; 2nd March 2010 at 00:32.
Reply With Quote