[lug] shared server hacked

Kenneth D. Weinert kenw at quarter-flash.com
Wed Mar 2 22:11:51 MST 2011


On 03/02/2011 09:51 PM, Simos wrote:

> I assume you are talking about a hard link, which means it's going to be in the
> same filesystem as the original file. Both files will have the same inode and you
> can use find to track it down, for example:

Thanks for the info, I'll give it a try to track them down.

>> All the added files are owned by the account owner which indicates to me
>> that the hosting company had a root exploit. Good conclusion?
> 
> Either that or someone got access to your login credentials. Seems pretty
> targeted to me.


Well, on my sites it was an extra php file that was added, on my
client's site it was integrated into the existing structure.

Could be targeted, always a possibility.
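
The inode lookup described in the quoted text above, as an added example that is not part of the original message or thread. The function names and the constructed sample tree are assumptions, and `-inum` relies on a find that supports it (GNU, BSD and busybox do):

```shell
#!/bin/sh
# Added example (not from the thread): track down hard links by inode.

# same_inode_paths FILE ROOT
# Print every path under ROOT that is a hard link to FILE.
same_inode_paths() {
    # ls -i prints "<inode> <name>"; keep only the inode number.
    inode=$(ls -di -- "$1" | awk '{print $1}')
    [ -n "$inode" ] || return 1
    # -xdev keeps find on ROOT's filesystem: a hard link cannot cross
    # filesystems, and an inode number is only unique within one.
    find "$2" -xdev -inum "$inode" -print
}

# hardlinked_files ROOT
# Print "<inode> <path>" for each regular file under ROOT whose link
# count is above 1, sorted so names sharing an inode sit together.
# An inode listed only once here has its other name outside ROOT.
hardlinked_files() {
    find "$1" -xdev -type f -links +1 -exec ls -i {} + | sort -n
}

# demo: build a constructed sample tree and run both lookups on it.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/site" "$d/other"
    echo '<?php // constructed sample ?>' > "$d/site/index.php"
    ln "$d/site/index.php" "$d/other/copy.php"
    echo 'unrelated' > "$d/site/readme.txt"
    same_inode_paths "$d/site/index.php" "$d"
    hardlinked_files "$d/site"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run the script with the argument `demo` to see both lookups on the sample tree. Start the search from the filesystem's mount point rather than the web root, since the other name of a hard-linked file can sit anywhere on the same filesystem.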


