Re: possibly hacked


 



Well, we also got infected with this "bastard".
OK, we're running Mandrake 10.2 (the good old one) but same problems.

How I found it?
I was looking at what is running on this MDK... uuuuuuhhhhh what's that
=> APACHE -DSSL ??? hmmm with high CPU load.... I was wondering.
Also I had lately lags in our bandwidth.... a lot of spam mails and a few
other strange things.
Ok.. time to do smth......
In our case this bastard tells you I am "APACHE -DSSL" WRONG!!!!
This is a Perl daemon connecting to the IRC network and spreading all
infos of ur sys, AND!!!! gives them full access to ur server.......
What to do???? Where the heck does it load from?
Well.... it is an exploit used by hackers to hijack boards, no matter
if phpBB, Joomla or other.. it's code injection and execution !! Once
u get infected u r having a problem. We DON'T know a solution at this
time to kick this lil baby off, not yet.....
What we did?
Well... this exploit needs to load external code to execute.... we
found where and how it starts up, in our case it is the file
"borek.txt" (search for it on Google etc. and you will find similar
problems ;) )
OK... we saw where this bastard tried to load its code from... so we
blocked this IP. This will give us now the time and chance to search
how it works and maybe find a solution to fix it and close this
backdoor/bug.
When u deny/drop/reject access to the IP where the code is placed,
the daemon can't start up.. simple? yes, but no solution.....

We'll figure out how and what it is and by chance bring u all (and
us) a solution to fix it

cheers from Germany,
Schnulli

By the way, if someone has a solution, feel free to post it
here or leave me a note


-- 
This is an email sent via The Fedora Community Portal https://fcp.surfsite.org
https://fcp.surfsite.org/modules/newbb/viewtopic.php?post_id=157551&topic_id=29890&forum=10#forumpost157551
If you think, this is spam, please report this to webmaster@xxxxxxxxxxxxxxxx and/or blame dajudge@xxxxxxx
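
The mismatch described in the post, a Perl daemon that shows up in the process list as "APACHE -DSSL", can be looked for by comparing each process's real binary (`/proc/PID/exe`) with the name it displays (`/proc/PID/cmdline`). This is an added example, not part of the original post; the interpreter list and function names are assumptions chosen for illustration.

```python
import os

# Script interpreters this example checks (an assumption; extend as needed).
INTERPRETERS = ("perl", "python", "php", "ruby")


def interpreter_family(exe_path):
    """Return 'perl', 'python', ... if the real binary is an interpreter, else None."""
    # The kernel appends " (deleted)" when the binary was unlinked after start.
    name = os.path.basename(exe_path.replace(" (deleted)", ""))
    for family in INTERPRETERS:
        if name.startswith(family):
            return family
    return None


def is_masquerading(exe_path, raw_cmdline):
    """True if an interpreter process displays the name of a different program.

    exe_path: target of /proc/PID/exe; raw_cmdline: bytes of /proc/PID/cmdline.
    """
    family = interpreter_family(exe_path)
    tokens = raw_cmdline.replace(b"\0", b" ").decode("utf-8", "replace").split()
    if family is None or not tokens:
        return False
    shown = os.path.basename(tokens[0]).lstrip("-")
    return not shown.startswith(family)


def scan_proc(proc_root="/proc"):
    """Return [(pid, exe_path, displayed_cmdline)] for processes worth reviewing."""
    hits = []
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue
        try:
            exe_path = os.readlink(os.path.join(proc_root, entry, "exe"))
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                raw = fh.read()
        except OSError:
            continue  # kernel thread, exited process, or insufficient privilege
        if is_masquerading(exe_path, raw):
            shown = raw.replace(b"\0", b" ").decode("utf-8", "replace").strip()
            hits.append((int(entry), exe_path, shown))
    return hits


if __name__ == "__main__":
    for pid, exe_path, shown in scan_proc():
        print(f"PID {pid}: shows as {shown!r} but runs {exe_path}")
```

Run it as root so every `/proc/PID/exe` link is readable. Hits are leads to review, since legitimate daemons written in these languages may also set their own process title.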

