[nsp-sec] rooted UNIX boxes
Mattias Ahnberg
mattias at ahnberg.pp.se
Tue Jun 28 09:29:04 EDT 2011
On 2011-06-28 11:27, Dirk Stander wrote:
> 19318 | US | 66.23.226.155 | UNDEF(ptr) | Wed Jun 8 07:27:46 2011 | root at www1.priberg.se | NJIIX-AS-1 - NEW JERSEY INTERNATIONAL INTERNET EXCHANGE LLC
> 19318 | US | 66.23.226.155 | UNDEF(ptr) | Wed Jun 8 07:27:46 2011 | root at www1.priberg.se | NJIIX-AS-1 - NEW JERSEY INTERNATIONAL INTERNET EXCHANGE LLC
ACK for this one. A labserver given to me by a friend, but we
never started using it so it's a bit odd how it got hacked. I
had one account created, no services other than sshd and the
default apache installation running.
I had just copied over a few .tar.gz files but never got them
unpacked or published online, so I am really confused as to
how they got into this one.
Oh well, it's shut off for now and I've asked my friend to
look into his environment, possibly they got into it if the
Virtuozzo host itself was hacked first. That's the only thing
I can think of!
Thank you for the list. :)
--
/ahnberg.