compromised Linux box
Shane Hathaway
shane at hathawaymix.org
Thu Apr 12 15:58:04 MDT 2007

Richard Scott McNew wrote:
>> I've had two Linux boxes compromised before. On the first, which was
>> connected to the Internet via a modem (!), the shell started behaving
>> strangely. I don't remember what it did exactly, but the root kit that
>> hit the machine replaced some executables without noticing that the
>> replacements linked with the wrong libraries. Duh. Then I not only
>> wiped the machine, I switched distributions.
>
> Shane: What distros were you using that were compromised?

Caldera Open Linux and Mandrake. I blame myself for the first one,
since I was lax with updates, but Mandrake surprised me. In the first
case, they got in through an Apache vulnerability involving long request
lines. The Mandrake break-in was pretty clean and I couldn't figure out
exactly how they got in.

Shane