
Re: HELP!!!, can't login even as root



yeap, it is www-data. See next

www-data:x:33:33:www-data:/var/www/:/bin/sh

and

www-data:x:33:

It probably happened by allowing uploading of pictures through a perl script to my server without proper security. STUPID mistake, if it is the reason. And more stupid, if another mistake of mine.

That h-thing is what, a code for what?
Where can I read about this? What's the next step, wipe it all? What damage could it have done?
Thank you guys for all.
arodriguez31@cfl.rr.com wrote:
> Access: (0660/-rw-rw----)  Uid: (   33/www-data)   Gid: (   33/www-data)

Do this:
$ grep 33 /mnt/debian/etc/passwd
$ grep 33 /mnt/debian/etc/group
and email the user with uid 33 and the group with gid 33. If it actually
is www-data/www-data, then you've probably been h4x0r3d; if it's
bin/bin, then I'm just confused.

Also, look around for a root-kit sniffer in Knoppix and use it if you
find one; this looks like either a break-in or a really stupid mistake
(no offense).

-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT/CM$/CS>$/CC/IT$/M/S/O/U dpu s+:++ !a C++$>C+++$
UB+++>++++$L++++$*-- P+>++$ L+++(++++)$ E-(---) W+++>$ N(+) o? K-
w--(---) O? M V? PS++@ PE-@ Y+@ PGP++(+++)>$ t? 5? X? R tv--(-)
b++(+++)@ DI? D? G e->++++ h* r? z*
------END GEEK CODE BLOCK------

David Mandelberg
webmaster@eth0.is-a-geek.org
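
Added example, not part of either message: the uid/gid lookup above done as an exact match on the third field, since a plain `grep 33` also matches ids such as 133 or 1033, followed by a listing of files that uid owns outside its own directory. The function names, the `sample` account and the temporary paths are constructed for illustration; only the www-data lines come from the thread.

```shell
#!/bin/sh
# Exact-field lookups on an offline-mounted system's account files.
# `grep 33` also matches uid 133, gid 1033, or "33" inside a path.

# name_for_id FILE ID: names whose 3rd field (uid in passwd, gid in group) is ID.
name_for_id() {
    awk -F: -v id="$2" '$3 == id { print $1 }' "$1"
}

# shell_for_uid PASSWD UID: login shell (7th field) of the account with that uid.
shell_for_uid() {
    awk -F: -v id="$2" '$3 == id { print $7 }' "$1"
}

# owned_outside ROOT UID DIR: regular files under ROOT owned by UID, skipping
# DIR (where that account's files are expected), staying on one filesystem.
owned_outside() {
    find "$1" -xdev -path "$3" -prune -o -type f -uid "$2" -print
}

# Constructed sample data; only the www-data lines are taken from the thread.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc"
    cat > "$d/etc/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www/:/bin/sh
sample:x:1033:1033:constructed user:/home/sample:/bin/bash
EOF
    printf 'www-data:x:33:\nsample:x:1033:\n' > "$d/etc/group"
    echo "uid 33 -> $(name_for_id "$d/etc/passwd" 33), shell $(shell_for_uid "$d/etc/passwd" 33)"
    echo "gid 33 -> $(name_for_id "$d/etc/group" 33)"
    rm -rf "$d"
}
demo
```

Against the mounted disk from the thread, the calls would be `name_for_id /mnt/debian/etc/passwd 33` and `owned_outside /mnt/debian 33 /mnt/debian/var/www`; anything the second one prints is a file the web server account owns outside its web root.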
