
Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)



Hi.

On Friday 22 July 2005 00:00, Rob Sims wrote:
> On Thu, Jul 21, 2005 at 11:49:53PM +0200, Karsten Dambekalns wrote:
> > way? What is currently possible in that respect on a machine that runs
> > ssh, apache, php, exim and nothing else (all as of Debian 3.1)?
>
> Didn't one of your logs show overwriting the apache logs?  Seems like
> the attacker was trying to cover up something there.

Right. Although in that place the log file was pretty much unused, all hosts 
running had their own log files elsewhere.

I checked the Apache advisories list, and nothing listed could have affected 
that server. At least not in a way to be able to log in and create a user.

Karsten
-- 
This email is ROT26 encrypted, by reading it you are in violation of the
DMCA, and should turn yourself in to the authorities immediately.
                                                           (Chris Berry)


