Re: hacker attack: leaves .BitchX dir in root's home
Carlos Carvalho hat gesagt: // Carlos Carvalho wrote:
> My site has been atacked by a hacker using a method that leaves a
> directory .BitchX (or something close) in root's home dir. It gets the
> user/password combination of any user that telnet, ftp or use pop3 to
> get to the machine (no ssh).
> What's the security hole that's being exploited? At first the attacker
> didn't have the root password.
Don't know about this BitchX-stuff, but the rest might be a juggernaut attack.
Juggernaut is a nice and userfriendly telnet-hijacker that has been presented
in Phrack-magazine. It steals an established telnet-, ftp- or pop3-session and
compiles good under debian and any other linux (I don't think it is or will
be a debian package though :) )
If you have been attacked by juggernauts you should see so called ACK storms.
AFAIK the only solution is to use ssh-programms.
Yours <a href="http://www.koeln-online.de/einblick/">
Frank Barknecht Das Koelner Stadt- und Unimagazin
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to firstname.lastname@example.org .