hack lesson?
epsas at inflicted.net
Sat Jan 12 01:51:26 PST 2002
I would check out your /etc/xinetd.conf or /etc/inetd.conf file for any strange entries. That is usually one of the first places that a cracker modifies. Also, I seriously suggest purchasing a new HD for your reinstall and keeping the cracked HD around for forensics.
Good luck,
charles
> It appears that a corrupt perl directory has been installed. How did
> they get in? Some buffer overflow of perl that gave them root access to
> install the rootkit? Beats me, but I am checking with those who may
> know. It's very possible that I made a mistake some time last year that
> someone is just now spanking me for.
>
> A friend suggested that I look at my rc.local file where I found "touch
> /var/lock/subsys/local." Having no virgin rc.local to look at, I don't
> know if it's legit.
>
> It is dangerous to suggest that someone in a mailing list is responsible
> for a hack. Talk about introducing FUD. I recognize this and would
> hesitate to think that the active participants would stoop to such an
> act. The coincidence is unbearable, though. I was clearly flaunting my
> confidence in webmin, and what better way to give someone a lesson in
> humility than to exploit their confidence. It would not surprise me if
> someone took this upon his/her self to do so. No harm was done, no
> defacing or data corruption occurred. I'll be back up and I'll be
> running webmin. Keep a look out for me. Come and get it.
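
An inetd.conf check along the lines suggested in the reply above, as an added example that is not part of the original thread. It covers only the classic inetd.conf format (not xinetd.conf); the heuristics, the trusted directory list and the sample entries are assumptions constructed for illustration.

```python
# Assumed heuristics (not from the original post): a shell used as the server
# program, or a server binary outside the usual system daemon directories.
SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh", "ash"}
TRUSTED_DIRS = ("/usr/sbin/", "/usr/libexec/", "/usr/lib/", "/sbin/")

def audit_inetd(text):
    """Return (line_number, reason, line) for each suspicious inetd.conf entry."""
    findings = []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no service definition
        fields = line.split()
        # service, socket type, protocol, wait flag, user, server program [, args]
        if len(fields) < 6:
            findings.append((num, "malformed entry", line))
            continue
        server, args = fields[5], fields[6:]
        if server == "internal":
            continue  # handled inside inetd itself, no external program
        program = server
        # Behind the tcpd wrapper, the real daemon is the first argument.
        if server.rsplit("/", 1)[-1] == "tcpd" and args:
            program = args[0]
        if program.rsplit("/", 1)[-1] in SHELLS:
            findings.append((num, "shell as server program", line))
        elif program.startswith("/") and not program.startswith(TRUSTED_DIRS):
            findings.append((num, "server outside trusted directories", line))
    return findings

# Constructed sample input, not taken from any real host.
SAMPLE = """\
# /etc/inetd.conf (constructed sample)
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
time    stream  tcp  nowait  root  internal
ingreslock stream tcp nowait root /bin/sh sh -i
2222    stream  tcp  nowait  root  /tmp/.x/d d
"""

if __name__ == "__main__":
    for num, reason, line in audit_inetd(SAMPLE):
        print(f"line {num}: {reason}: {line}")
```

On a compromised machine, run this against a copy of the file read from the mounted disk image rather than on the live system, since the installed tools may themselves have been replaced.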