Can You Interpret This Hacker's Script?
Kimball Larsen
kimball at kimballlarsen.com
Thu Oct 1 12:21:07 MDT 2009
Yes, there was one site with a feedback form. I think this was the
way in.
I also ran chkrootkit and rkhunter - both came back clean, so I don't
think the box has been p0wn3d.
- Kimball
http://www.kimballlarsen.com
On Oct 1, 2009, at 11:45 AM, Jonathan Duncan wrote:
>
> On 01 Oct 2009, at 09:21, Kimball Larsen wrote:
>
>> Thanks for the info -
>>
>> now what do I need to do about it? As far as I can tell, the script
>> was not able to run correctly - it spewed lots of errors to my system
>> logs, and I've got hosts.deny set up so that the only ssh connections
>> allowed are from IPs I control.
>>
>> Do I need to worry about rebuilding the box?
>>
>
>
> Do you have any web accessible sites running on that machine? The
> most common culprit for hacks of this kind are web scripts with holes.
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */