Full Disclosure mailing list archives
Re: one of my servers has been compromized
From: BH <lists () blackhat bz>
Date: Tue, 06 Dec 2011 17:30:16 +0800
I'm not sure if this has been said in this thread yet, but is it possible the host O/S was compromised? I have not used OpenVZ but I assume it's the same as Virtuozzo in the respect that you can just 'vzctl enter <ctid>' to get a root shell inside the container with no password (assuming you have control of the parent O/S).

I have come across a Virtuozzo server before that has been compromised. When I had a look, as far as I could see the only thing they appeared to do was copy a Perl script to each container, execute the script then delete it.

On 6/12/2011 5:17 PM, Lucio Crusca wrote:
> Gage Bystrom wrote:
>> I would suggest iptables but the OP stated he doesn't own the server and has no root access.
>
> If I ever stated that, it means I misused my poor English for sure... I DO have root access and I DO own the server, where the server means the *guest* OpenVZ instance. I DID configure iptables yesterday in order to block outgoing connections.
>
> What I can't do is upgrade the kernel because OpenVZ is a limited "paravirtualization" system where the guest kernel is more like a stub on top of the only shared host kernel. I have no control over the host kernel, so I can't upgrade it.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/