[lug] i got hacked

D. Stimits stimits at idcomm.com
Thu Apr 18 16:35:12 MDT 2002


j davis wrote:
> 
> I have a box at a place I do contract work about 2 days a month.
> Today I could not ssh to it, so I went on site and discovered I got
> hacked... like a dummy I didn't have tcp wrappers on or a firewall. I think
> they exploited wu-ftpd... I use Red Hat 7.1 with wu-ftpd 2.6.1-20... I haven't
> got around to upgrading yet.
> Anyway, here is what I found in /etc/rc3.d/S52remote
> 
...

Found one other interesting detail, but also non-English. It appears
from the few words I've been able to read that this was the first part of a
FreeBSD exploit. Somewhere in this page of advisories is one about this
for FreeBSD, or at least my little gibberish attempts point to it:
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/

I also see an exim mention, though I'm not sure what exactly (again,
non-English). But exim runs on both Linux and FreeBSD, so I would also
focus on checking whether exim and sendmail and any email program are out of
date or altered. This also reminds me that port 25 firewalling is on the
frequent exploits list. If your machine only talks to one outside
machine for SMTP services, then you can firewall it against all IPs
except that one.

D. Stimits, stimits at idcomm.com
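
One way to carry out the "out of date or altered" check suggested above on an RPM-based system such as the Red Hat 7.1 box in the quoted message (an added example, not part of the original post): parse `rpm -V` output and flag package files whose contents, permissions or presence no longer match the package database. The sample output, the file paths and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Real use (package names are assumptions taken from the programs the
# thread mentions):
#   rpm -V sendmail exim wu-ftpd | classify_rpm_verify

# Constructed sample of `rpm -V` output. Older rpm prints 8 flag
# characters, newer rpm prints 9; both forms appear below.
sample_rpm_verify() {
cat <<'EOF'
S.5....T c /etc/mail/sendmail.cf
S.5....T   /usr/sbin/sendmail
.......T   /usr/share/doc/exim/README
missing    /usr/sbin/exim
.M......   /var/spool/mqueue
S.5....T.  /usr/sbin/in.ftpd
EOF
}

# Read `rpm -V` output on stdin and print one finding per line:
#   ALTERED  content digest differs on a non-config file (binary, library)
#   CONFIG   content digest differs on a config file (review by hand)
#   MISSING  packaged file is gone
#   PERMS    mode, owner or group changed (e.g. an added setuid bit)
# Lines that only report a changed mtime are ignored.
# Limitation: paths containing spaces are not handled.
classify_rpm_verify() {
    awk '
        NF < 2 { next }
        { flags = $1; path = $NF; marker = (NF >= 3) ? $2 : "" }
        flags == "missing"                   { print "MISSING " path; next }
        length(flags) < 8                    { next }
        flags !~ /^[.?SM5DLUGTP]+$/          { next }
        index(flags, "5") && marker != "c"   { print "ALTERED " path; next }
        index(flags, "5")                    { print "CONFIG " path; next }
        flags ~ /[MUG]/                      { print "PERMS " path }
    '
}

# Demonstration on the constructed sample.
sample_rpm_verify | classify_rpm_verify
```

On a machine already known to be compromised, the installed `rpm` binary and its database cannot be trusted either, so run the verification from rescue media against the mounted disk (`rpm --root`).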


