Security Incidents mailing list archives
Re: IIS web server hacked..any tips?
From: Dave Dodge <dododge () dododge net>
Date: Thu, 16 Dec 2004 17:21:42 -0500
On Thu, Dec 16, 2004 at 12:08:50PM -0500, Valdis.Kletnieks () vt edu wrote:
What percentage of attackers have half a brain? ;)
As an example, the one I ran into this Summer: - tried to hide his own sshd by calling it /bin/sendmail and listening on port 322 -- but left its syslog logging enabled, so in /var/log/messages there was a detailed list of who, when, and from where the logins occurred. - left his complete command list from a couple of logins in root's bash history. - the rootkit he used managed to screw up the system so badly that most desktop applications and some command-line tools (such as "top") wouldn't even start due to library mismatches. That said, I still rebuilt the machine from scratch rather than just repairing the damage. -Dave Dodge
Current thread:
- Re: IIS web server hacked..any tips?, (continued)
- Re: IIS web server hacked..any tips? xyberpix (Dec 15)
- RE: IIS web server hacked..any tips? Curt Purdy (Dec 15)
- Re: IIS web server hacked..any tips? Sam Evans (Dec 15)
- RE: IIS web server hacked..any tips? Christopher Day (Dec 15)
- RE: IIS web server hacked..any tips? Jim Tuttle (Dec 15)
- Re: IIS web server hacked..any tips? Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Dec 16)
- Re: IIS web server hacked..any tips? Barrie Dempster (Dec 15)
- Re: IIS web server hacked..any tips? Tim Igoe (Dec 15)
- Re: IIS web server hacked..any tips? cta () hcsin net (Dec 16)
- Re: IIS web server hacked..any tips? Valdis . Kletnieks (Dec 16)
- Re: IIS web server hacked..any tips? Dave Dodge (Dec 16)
- Re: IIS web server hacked..any tips? Valdis . Kletnieks (Dec 16)
- Re: IIS web server hacked..any tips? K.M. Jeary (Dec 16)
- Re: IIS web server hacked..any tips? Valdis . Kletnieks (Dec 16)
- Re: IIS web server hacked..any tips? Ron (Dec 16)
- Re: IIS web server hacked..any tips? Valdis . Kletnieks (Dec 16)
- RE: IIS web server hacked..any tips? Gary Nichols (Dec 15)
- Re: IIS web server hacked..any tips? Roger McLaren (Dec 15)
- RE: IIS web server hacked..any tips? Adrian Marsden (Dec 16)
- RE: IIS web server hacked..any tips? Richard . Grant (Dec 16)
- RE: IIS web server hacked..any tips? David LeBlanc (Dec 17)
- Re: IIS web server hacked..any tips? Valdis . Kletnieks (Dec 17)