Can You Interpret This Hacker's Script?
kimball at kimballlarsen.com
Thu Oct 1 12:21:07 MDT 2009
Yes, there was one site with a feedback form. I think this was the
I also ran chkrootkit and rkhunter - both came back clean, so I don't
think the box has been p0wn3d.
On Oct 1, 2009, at 11:45 AM, Jonathan Duncan wrote:
> On 01 Oct 2009, at 09:21, Kimball Larsen wrote:
>> Thanks for the info -
>> now what do I need to do about it? As far as I can tell, the script
>> was not able to run correctly - it spewed lots of errors to my system
>> logs, and I've got hosts.deny set up so that the only ssh connections
>> allowed are from IPs I control.
>> Do I need to worry about rebuilding the box?
> Do you have any web accessible sites running on that machine? The
> most common culprit for hacks of this kind are web scripts with holes.
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
More information about the PLUG