Re: hacker attack: leaves .BitchX dir in root's home
Carlos Carvalho wrote:
> My site has been attacked by a hacker using a method that leaves a
> directory .BitchX (or something close) in root's home dir. It gets the
> user/password combination of any user that telnets, ftps or uses pop3 to
> get to the machine (no ssh).
>
> What's the security hole that's being exploited? At first the attacker
> didn't have the root password.
Don't know about this BitchX stuff, but the rest might be a Juggernaut attack.
Juggernaut is a nice and user-friendly telnet hijacker that has been presented
in Phrack magazine. It steals an established telnet, ftp or pop3 session and
compiles well under Debian and any other Linux (I don't think it is or will
be a Debian package though :) )
If you have been attacked by Juggernaut you should see so-called ACK storms.
AFAIK the only solution is to use ssh programs.
--
Yours
Frank Barknecht
Das Koelner Stadt- und Unimagazin: http://www.koeln-online.de/einblick/
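A way to look for the ACK storms mentioned in the reply above, as an added example that is not part of the original message: it flags TCP flows where both ends keep repeating the same empty ACK segments, which is what a desynchronised session looks like on the wire. The record layout, addresses, window and threshold are assumptions made for this sketch.

```python
from collections import defaultdict, deque

# Constructed sample segments: (time_s, src, dst, flags, seq, ack, payload_len).
# Hosts, ports and sequence numbers are made up for this example.
def make_sample():
    segs = []
    # Normal telnet traffic: data segments answered by ACKs that advance.
    for i in range(5):
        t = i * 0.2
        segs.append((t, "10.0.0.5:1025", "10.0.0.9:23", "PA", 1000 + i, 5000 + i, 1))
        segs.append((t + 0.01, "10.0.0.9:23", "10.0.0.5:1025", "A", 5000 + i, 1001 + i, 0))
    # Desynchronised session: each end rejects the other's sequence number
    # and answers with the same empty ACK, over and over.
    for i in range(40):
        t = 2.0 + i * 0.01
        segs.append((t, "10.0.0.7:1030", "10.0.0.9:23", "A", 2000, 7050, 0))
        segs.append((t + 0.005, "10.0.0.9:23", "10.0.0.7:1030", "A", 7000, 2080, 0))
    return segs

def find_ack_storms(segments, window=1.0, threshold=20):
    """Return flows with >= threshold repeated empty ACKs inside `window` seconds.

    The threshold sits well above the handful of duplicate ACKs that ordinary
    loss recovery produces, so normal retransmission is not flagged.
    """
    seen = defaultdict(set)       # (src, dst) -> (seq, ack) pairs already sent
    repeats = defaultdict(deque)  # flow -> timestamps of repeated empty ACKs
    flagged = set()
    for ts, src, dst, flags, seq, ack, length in sorted(segments):
        if flags != "A" or length != 0:
            continue              # only pure ACKs without payload matter here
        flow = tuple(sorted((src, dst)))  # same key for both directions
        if (seq, ack) in seen[(src, dst)]:
            q = repeats[flow]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()       # drop repeats that fell out of the window
            if len(q) >= threshold:
                flagged.add(flow)
        seen[(src, dst)].add((seq, ack))
    return sorted(flagged)

if __name__ == "__main__":
    for flow in find_ack_storms(make_sample()):
        print("possible ACK storm between", flow[0], "and", flow[1])
```
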