I've been hacked: "duarawkz"

From: Arnuschky (arnuschky@xylon.de)
Date: 01/17/02

• Next message: Willy Angenent: "Re: Hacked by "bobkit""
• Previous message: Wine Development: "Re: security for newbies?"
• Next in thread: Kosh Vader: "Re: I've been hacked: "duarawkz""
• Reply: Kosh Vader: "Re: I've been hacked: "duarawkz""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Arnuschky <arnuschky@xylon.de>
Date: Thu, 17 Jan 2002 19:37:49 +0100

[This followup was posted to and a copy was sent to the cited author.]

Hi all.

I figured out why my system started to act strange (see my previous
posts "very strange linux bug cant specify").

I already searched the system with chkrootkits, and nothing turned up.
So I thought it must be some sort of software bug.

But today, I did a typo "ls /la" returned "/usr/bin/duarawkz/ls:
Directory not found"
Aha. So I got cracked. Just great. The thing is, they didn't had much
time to use my server - it's just a dialup and I'm usally only for max.
an hour online (except sundays).
I thing they broke in befor I got up my firewal again (I moved to
another city and didn't had the time to care about iptables at the
beginning - I had to change from DSL to ISDN :(

I diconnected the box some time ago when I noticed that the box acted
strange. I had much time yet to care about this curious "bug".

I will wipe and reinstall the whole system very soon, but first I want
to find out as much as I can. I already made a copy of the whole system
to another disk for phorensics.

The cracker messed up my system so it didn't worked anymore because of
his faults.

But anyways, does anyone know something about "duarawkz"? Suggestions?

Greetings
Arnuschky

---

• Next message: Willy Angenent: "Re: Hacked by "bobkit""
• Previous message: Wine Development: "Re: security for newbies?"
• Next in thread: Kosh Vader: "Re: I've been hacked: "duarawkz""
• Reply: Kosh Vader: "Re: I've been hacked: "duarawkz""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Arabic letters separated by markup ... >>> I find it very strange that IE should get it right here and Mozilla ... > But I would like to know first if it is really a bug. ... letters separated by HTML markup) to render as joined or unjoined. ... I'm not trying to give IE the credit here -- they inherited Netscape ... (comp.text.sgml) POK Flag Weirdness wth binary files ... This week I got bitten by something very strange. ... encryption, but when I read the key in, for some reason, the ... I have written a short script reproducing the problem (under Perl ... Is it a bug in Perl, a bug in Crypt::Rijndael, or a bug in my ... (comp.lang.perl) Re: Pickup group fun ... the old "karma" that is almost a year out of date, ... was the pvp indicator malfunction that you mention. ... part of the same bug. ... Very strange... ... (alt.games.warcraft) Re: ~ folder (backup of address book?) on desktop ... OK the website says:>>Strange ~ file in strange places ... Windows Address Book (WAB) used by OE. ... folder as the *.wab file itself, ... A bug in an update causes the copy to be ... (microsoft.public.win2000.general) Re: Bizarre Printing Problem ... Its not a bug, its a feature. ... >Really strange problem. ... >WIndows printers with a VFP8 application. ... Generates a syntax error. ... (microsoft.public.fox.vfp.reports.printing)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.os.linux.security  > 2002-01