Re: hacker attack: leaves .BitchX dir in root's home

To: Carlos Carvalho <carlos@fisica.ufpr.br>
Cc: debian-user@lists.debian.org
Subject: Re: hacker attack: leaves .BitchX dir in root's home
From: Rick Jones <rick@cyberdynamics.com>
Date: Wed, 14 Jan 1998 18:59:29 -0500
Message-id: <[🔎] 34BD5161.3484E853@cyberdynamics.com>
Reply-to: rickya@siservices.net
References: <[🔎] 199801142324.VAA01586@hoggar.fisica.ufpr.br>

Carlos:

	BitchX is an IRC program that put's a directory called .BitchX in the
users home directory.  Either you have this and have used it or your
hacker used it as root.  Of course a hacker may have just created it so
it might look normal in your directory.  What's in the directory?

Carlos Carvalho wrote:
> 
> My site has been atacked by a hacker using a method that leaves a
> directory .BitchX (or something close) in root's home dir. It gets the
> user/password combination of any user that telnet, ftp or use pop3 to
> get to the machine (no ssh).
> 
> What's the security hole that's being exploited? At first the attacker
> didn't have the root password.
> 
> Any help is greatly appreciated. This is urgent...
> 
> Carlos
> 
> --
> TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
> debian-user-request@lists.debian.org .
> Trouble?  e-mail to templin@bucknell.edu .


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

References:
- hacker attack: leaves .BitchX dir in root's home
  - From: Carlos Carvalho <carlos@fisica.ufpr.br>

Prev by Date: Re: SVGATextMode - thanks for help
Next by Date: Re: Cnews would not configure on installation
Previous by thread: hacker attack: leaves .BitchX dir in root's home
Next by thread: Re: hacker attack: leaves .BitchX dir in root's home
Index(es):
- Date
- Thread