Re: Cannot Login - Access Found!



On Thu, 20 Aug 2009 12:59:39 -0500
Ron Johnson <ron.l.johnson@cox.net> wrote:

> > The machine has been hacked by someone using a Romanian IP address
> > and has been taken offline while I continue to investigate.  Then
> > I'll do a new install and rebuild.
> 
> How'd he get in?

I found it!  He got in through a vulnerability in Zen Cart.

I found in /var/log/auth.log where he'd changed the passwords of root
and myself and confirmed it in syslog.  Then I found
in /root/.bash_history where he'd downloaded some scripts to the
server, then started going through logs.  Finally I was digging
through apache logs and found him.  Then I googled for a
vulnerability in Zen Cart and found this:
http://www.securityfocus.com/bid/35467/info

-- 
Raquel
============================================================
Power without love is reckless and abusive and love without power is
sentimental and anemic. Power at its best is love implementing the
demands of justice.  Justice at its best is power correcting
everything that stands against love.

  --Martin Luther King, Jr.
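
The pivot described in the message above, from the password changes in auth.log back to the Apache logs, can be scripted. This is an added example, not part of the original post: it assumes the usual pam_unix "password changed for" line, the Apache common log layout, and both logs in the same local timezone; every log line, host name, path and address in it is constructed.

```python
import re
from datetime import datetime, timedelta

YEAR = 2009  # syslog lines carry no year; assumed from the date of the thread

# Constructed sample data (documentation IP ranges, placeholder paths).
AUTH_LOG = """\
Aug 19 03:12:44 web1 sshd[2101]: Accepted password for alice from 198.51.100.7 port 40122 ssh2
Aug 19 22:41:09 web1 passwd[4410]: pam_unix(passwd:chauthtok): password changed for root
Aug 19 22:41:31 web1 passwd[4413]: pam_unix(passwd:chauthtok): password changed for alice
"""
ACCESS_LOG = """\
198.51.100.7 - - [19/Aug/2009:09:15:02 -0500] "GET /store/index.php HTTP/1.1" 200 5120
203.0.113.50 - - [19/Aug/2009:22:35:40 -0500] "POST /store/placeholder.php HTTP/1.1" 200 312
192.0.2.14 - - [19/Aug/2009:22:39:11 -0500] "GET /store/index.php HTTP/1.1" 200 5120
"""

PW_CHANGE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ passwd\[\d+\]: .*password changed for (\S+)")
ACCESS = re.compile(r'^(\S+) \S+ \S+ \[([^\] ]+) [^\]]+\] "(\S+) (\S+)')

def password_changes(auth_text):
    """Return (timestamp, user) for every password change recorded by passwd."""
    events = []
    for line in auth_text.splitlines():
        m = PW_CHANGE.match(line)
        if m:
            ts = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2)))
    return events

def requests_before(access_text, pivot, window=timedelta(minutes=30)):
    """Return (timestamp, ip, method, path) for requests in the window ending at pivot."""
    hits = []
    for line in access_text.splitlines():
        m = ACCESS.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S")  # offset dropped: same-zone assumption
        if pivot - window <= ts <= pivot:
            hits.append((ts, m.group(1), m.group(3), m.group(4)))
    return hits

def suspect_clients(auth_text, access_text):
    """Client IPs that sent POST requests shortly before the first password change."""
    changes = password_changes(auth_text)
    if not changes:
        return []
    first = min(ts for ts, _ in changes)
    return sorted({ip for _, ip, method, _ in requests_before(access_text, first) if method == "POST"})
```

Run it against copies of the logs taken from the offline disk, since an intruder who has been "going through logs" may have altered the ones on the host.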