Re: IIS web server hacked..any tips?
From: Dave Dodge (dododge_at_dododge.net)
Date: 12/16/04
- In reply to: Valdis.Kletnieks_at_vt.edu: "Re: IIS web server hacked..any tips?"
Date: Thu, 16 Dec 2004 17:21:42 -0500
To: Valdis.Kletnieks@vt.edu

On Thu, Dec 16, 2004 at 12:08:50PM -0500, Valdis.Kletnieks@vt.edu wrote:
> What percentage of attackers have half a brain? ;)

As an example, the one I ran into this summer:

- tried to hide his own sshd by calling it /bin/sendmail and
  listening on port 322 -- but left its syslog logging enabled, so
  in /var/log/messages there was a detailed list of who, when, and
  from where the logins occurred.

- left his complete command list from a couple of logins in
  root's bash history.

- the rootkit he used managed to screw up the system so badly that
  most desktop applications and some command-line tools (such as
  "top") wouldn't even start due to library mismatches.

That said, I still rebuilt the machine from scratch rather than
just repairing the damage.

-Dave Dodge