hacker attack: leaves .BitchX dir in root's home

To: debian-user@lists.debian.org
Subject: hacker attack: leaves .BitchX dir in root's home
From: Carlos Carvalho <carlos@fisica.ufpr.br>
Date: Wed, 14 Jan 1998 21:24:44 -0200
Message-id: <[🔎] 199801142324.VAA01586@hoggar.fisica.ufpr.br>

My site has been atacked by a hacker using a method that leaves a
directory .BitchX (or something close) in root's home dir. It gets the
user/password combination of any user that telnet, ftp or use pop3 to
get to the machine (no ssh).

What's the security hole that's being exploited? At first the attacker
didn't have the root password.

Any help is greatly appreciated. This is urgent...

Carlos


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: hacker attack: leaves .BitchX dir in root's home
  - From: Rick Jones <rick@cyberdynamics.com>
- Re: hacker attack: leaves .BitchX dir in root's home
  - From: Frank Barknecht <barknech@ph-cip.uni-koeln.de>

Prev by Date: Why /floppy -- why not /mnt/fd or something?
Next by Date: debian 1.2x ldso upgrades
Previous by thread: Re: Why /floppy -- why not /mnt/fd or something?
Next by thread: Re: hacker attack: leaves .BitchX dir in root's home
Index(es):
- Date
- Thread