[lug] shared server hacked
Stephen Kraus
ub3ratl4sf00 at gmail.com
Wed Mar 2 21:33:39 MST 2011
Do you mean the other end of the lin as in whoever was watching the server?
On Mar 2, 2011 9:31 PM, "Kenneth D. Weinert" <kenw at quarter-flash.com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Evidently my hosting service suffered a major intrusion about the middle
of January.
I just found out that there was a problem today. I know I have a lot of
cleanup to do, but one of the things is that they've installed a file. I
was going to gzip it (to make it unusable but available), but I get the
message that there's one other link.
The question I have is one my mind has gone blank on - how to find the
"other end" of the link.
Thanks for any pointers.
Ken
BTW: this was a very interesting exploit. There are two other sites that
I'm hosting that I did all the development on so it's completely custom
software. I found at least two files that they've changed - they spent
the time to find where to include their code into my structure. This is
not exactly straight up code.
All the added files are owned by the account owner which indicates to me
that the hosting company had a root exploit. Good conclusion?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJNbxmnAAoJELwlFgJPb4vsEHcH/3EetYiJG7QRnpd+7wj8MgY8
N+kglmtXJAFfrzIC+JBYO4Cnp6CCeXid1TmA+9sl/2T/TbQ+cHbRNYftz4Ua1MR9
mgGk3M0O7tMgEA+KmbvqSieaiwMdTLndWEimytq/ONgqCYGO/noluaoVBslWn2nz
ghCXLtuAsFYsHLMicoxaIc+Ue4jUHLgubGHkhz8noGbijXU6Xqjq+9r/j6psm21f
E8onWTHWwyLGXEXtN1ZfHL6+FPisLAXIOCQHu5qAs3Z9cy83rC6bQ9xvla+n9b5o
aIpGEW2cNzePcfsyAmLsHnA2xdinT7q3HKE06P9qz7fCi7D+6kyBjOkoXXW+hzk=
=hP7g
-----END PGP SIGNATURE-----
_______________________________________________
Web Page: http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20110302/eb7beac1/attachment.html>
More information about the LUG
mailing list