compromised Linux box

Shane Hathaway shane at hathawaymix.org
Thu Apr 12 15:58:04 MDT 2007


Richard Scott McNew wrote:
>> I've had two Linux boxes compromised before.  On the first, which was
>> connected to the Internet via a modem (!), the shell started behaving
>> strangely.  I don't remember what it did exactly, but the root kit that
>> hit the machine replaced some executables without noticing that the
>> replacements linked with the wrong libraries.  Duh.  Then I not only
>> wiped the machine, I switched distributions.
> 
> Shane:  What distros were you using that were compromised?

Caldera Open Linux and Mandrake.  I blame myself for the first one, 
since I was lax with updates, but Mandrake surprised me.  In the first 
case, they got in through an Apache vulnerability involving long request 
lines.  The Mandrake break-in was pretty clean and I couldn't figure out 
exactly how they got in.

Shane


