Can You Interpret This Hacker's Script?

Kimball Larsen kimball at
Thu Oct 1 12:21:07 MDT 2009

Yes, there was one site with a feedback form.  I think this was the  
way in.

I also ran chkrootkit and rkhunter - both came back clean, so I don't  
think the box has been p0wn3d.

- Kimball

On Oct 1, 2009, at 11:45 AM, Jonathan Duncan wrote:

> On 01 Oct 2009, at 09:21, Kimball Larsen wrote:
>> Thanks for the info -
>> now what do I need to do about it?  As far as I can tell, the script
>> was not able to run correctly - it spewed lots of errors to my system
>> logs, and I've got hosts.deny set up so that the only ssh connections
>> allowed are from IPs I control.
>> Do I need to worry about rebuilding the box?
> Do you have any web accessible sites running on that machine?  The
> most common culprit for hacks of this kind are web scripts with holes.
> /*
> PLUG:, #utah on
> Unsubscribe:
> Don't fear the penguin.
> */

More information about the PLUG mailing list