Can You Interpret This Hacker's Script?

Kimball Larsen kimball at kimballlarsen.com
Thu Oct 1 12:21:07 MDT 2009


Yes, there was one site with a feedback form.  I think this was the  
way in.

I also ran chkrootkit and rkhunter - both came back clean, so I don't  
think the box has been p0wn3d.

- Kimball
http://www.kimballlarsen.com

On Oct 1, 2009, at 11:45 AM, Jonathan Duncan wrote:

>
> On 01 Oct 2009, at 09:21, Kimball Larsen wrote:
>
>> Thanks for the info -
>>
>> now what do I need to do about it?  As far as I can tell, the script
>> was not able to run correctly - it spewed lots of errors to my system
>> logs, and I've got hosts.deny set up so that the only ssh connections
>> allowed are from IPs I control.
>>
>> Do I need to worry about rebuilding the box?
>>
>
>
> Do you have any web accessible sites running on that machine?  The
> most common culprits for hacks of this kind are web scripts with holes.
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */



