Re: Server hacked - next...?

To: "Daniel K. Gebhart" <dkg@con-fuse.org>, <debian-isp@lists.debian.org>
Subject: Re: Server hacked - next...?
From: "Jason Lim" <maillist@jasonlim.com>
Date: Tue, 1 Jul 2003 10:05:01 +0800
Message-id: <[🔎] 001201c33f75$48278960$0800a8c0@SYSTEM8>
Reply-to: "Jason Lim" <maillist@jasonlim.com>
References: <Pine.LNX.4.43.0306290156100.10730-100000@blackhole.quasar.net> <[🔎] 05d501c33e0e$2ac03650$0800a8c0@SYSTEM8> <[🔎] 20030629102954.GA1280@con-fuse.org>

Hi Daniel,

Yeap, I follow Bugtraq... too bad Debian came out with the "official"
kernel ages after it was revealed.

Actually running 2.4.21 now... but it certainly is possible that during
the gap between when we were running 2.4.17/18 to when we upraded to
2.4.21, someone got in.

Actually, from what I can tell now, someone APPEARS to have got in through
a user's vulnerable script... i think phpBB or one of those, and then
obtained remote access that way, then maybe run those rootkits and
stuff....

I am thinking it might have been related to the ptrace bug because i saw a
weird "modprobe" entry there, but then again.... many rootkits fool around
with modprobe???

Sincerely,
Jas

----- Original Message ----- 
From: "Daniel K. Gebhart" <dkg@con-fuse.org>
To: <debian-isp@lists.debian.org>
Sent: Sunday, 29 June, 2003 6:29 PM
Subject: Re: Server hacked - next...?

Reply to:

References:
- Re: Server hacked - next...?
  - From: "Jason Lim" <maillist@jasonlim.com>
- Re: Server hacked - next...?
  - From: "Daniel K. Gebhart" <dkg@con-fuse.org>

Prev by Date: mysql admin user problem
Next by Date: Re: Server hacked - next...?
Previous by thread: Re: Server hacked - next...?
Next by thread: Re: Server hacked - next...?
Index(es):
- Date
- Thread