Re: HELP SOS

To: Hereward Cooper <zadok@phreaker.net>
Cc: debian-isp@lists.debian.org
Subject: Re: HELP SOS
From: Roger Abrahamsson <roger@obbit.se>
Date: Tue, 20 Nov 2001 21:38:17 +0100
Message-id: <[🔎] 3BFABF39.80804@obbit.se>
References: <[🔎] NFBBIMBCKKAEBNNNDCDHAEDJCOAA.craigsc@zdata.co.za> <[🔎] 3BFA17A9.7040107@obbit.se> <[🔎] 20011120201726.7bfa8b83.zadok@phreaker.net>

Hereward Cooper wrote:



Talking about being locked out of mysql, the other day I found my machine doing
very strange things at things at 6:30am very morning. It started by my root
password being changed (from nothing), after which I just reinstalled. Next the
grant tables got screwed up by something and I was locked out of very db on the
server. I backed up the important db's and reinstalled, every thing seemed to
work. The next day the exact same thing happened, at the same time.
The mysql.log files listed php-nuke trying to do stuff even when it wasn't being
used or hadn't been in many days. I blew away php-nuke, which I wasn't using
anyhow and everything seems to be back to norm.
Anyone know why this might happen? Anyone had this problem?

Thanks,

Hereward




php-nuke has a big security hole in it.. you can read up more on it on:

http://lwn.net/2001/1115/security.php3

Your server sounds compromised, I'd look deep into files or better takea copy of anything important and reinstall from scratch.


/Roger

Reply to:

References:
- HELP SOS
  - From: "Craigsc" <craigsc@zdata.co.za>
- Re: HELP SOS
  - From: Roger Abrahamsson <roger@obbit.se>
- Re: HELP SOS
  - From: Hereward Cooper <zadok@phreaker.net>

Prev by Date: Re: HELP SOS
Next by Date: Re: HELP SOS
Previous by thread: Re: HELP SOS
Next by thread: Re: HELP SOS
Index(es):
- Date
- Thread