[TriLUG] I've got intruders!!

Jason jason at monsterjam.org
Mon May 15 21:10:10 EDT 2006


Are you running any PHP scripts? I've seen this happen on my box once..
There's a nasty css vulnerability in Horde and other PHP apps which can be exploited easily.

regards,
Jason


On Mon, May 15, 2006 at 09:02:24PM -0400, Neil L. Little wrote:
> I recently discovered that the web server I have been working on has 
> been compromised and is relaying spam. Because it was a test server 
> there is nothing really important lost, but it does kinda tick me off.
> 
> Of course I have taken it off the network but now I need to see how 
> "they" got in, what was done, and what I did wrong.
> I'm thinking a hole in my firewall. Also, rootkit. Then what they did to 
> Sendmail (that's a little further down on the list and unimportant right 
> now).
> I remember that I had a problem testing my firewall because TWC has one 
> up on their cable modem and it led me astray for a while thinking I 
> had the telnet port open.
> 
> Sooooo....
> Can anyone suggest some reading material on the subject at hand?
> My initial search came up with:
> Real World Linux Security: Intrusion Prevention, Detection and Recovery 
> by Bob Toxen
> Linux Server Security by Michael D. Bauer.
> 
> Is there a definitive (or just useful) book out there for someone just 
> discovering that he crapped out in the security turkey shoot?
> 
> Thanks in advance for the help!
> 
> Neil Little, WA4AZL
> JARS Forever!! ..er TRILUG too!!
> 
> Spammers = 1, Home team = 0
> 
> -- 
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/

-- 
================================================
|    Jason Welsh   jason at monsterjam.org        |
| http://monsterjam.org    DSS PGP: 0x5E30CC98 |
|    gpg key: http://monsterjam.org/gpg/       |
================================================



