nanog mailing list archives
Re: Rootshell pages hacked
From: Joe Shaw <jshaw () insync net>
Date: Thu, 29 Oct 1998 12:36:29 -0600 (CST)
It was yesterday morning actually.
From Rootshell's own page:
"On Wed Oct 28th at 5:12AM PST the main Rootshell page was defaced by a group of crackers. Entry to the machine was made via SSH (secure shell) which is an encrypted interface to the machine at 04:57AM PST this morning. Rootshell was first informed of this incident at 6:00 AM PST and the site was immediately brought offline. The site was back up and operational by 8:00AM PST. We are still in the process of investigating the exact methods that were used. The paranoid MAY want to disable ssh 1.2.26. Rootshell runs Linux 2.0.35, ssh 1.2.26, qmail 1.03, Apache 1.3.3, and nothing else. The attackers used further filesystem corruption to make it harder to remove the damaged HTML files."

It could have been ssh, qmail, Apache, or some script they ran on the server that caused the root compromise. SSH was just the way they got in, probably after they compromised root.

My only question is, if they were running ssh-1.2.26, why does Kit point to the ssh2 protocol specs in his posting? Doesn't ssh-1.2.26 only support ssh ver1 specs?

Joe

On Thu, 29 Oct 1998, neil wrote:
Hi there. Apparently rootshell.com pages had been hacked this morning by crackers using ssh-1.2.26.? Anyone got more news about this event?

regards

"May you live in interesting times" by Chinese ppl