Re: hacker attack: leaves .BitchX dir in root's home
Carlos:
BitchX is an IRC program that put's a directory called .BitchX in the
users home directory. Either you have this and have used it or your
hacker used it as root. Of course a hacker may have just created it so
it might look normal in your directory. What's in the directory?
Carlos Carvalho wrote:
>
> My site has been atacked by a hacker using a method that leaves a
> directory .BitchX (or something close) in root's home dir. It gets the
> user/password combination of any user that telnet, ftp or use pop3 to
> get to the machine (no ssh).
>
> What's the security hole that's being exploited? At first the attacker
> didn't have the root password.
>
> Any help is greatly appreciated. This is urgent...
>
> Carlos
>
> --
> TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
> debian-user-request@lists.debian.org .
> Trouble? e-mail to templin@bucknell.edu .
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: