[BlueOnyx:05940] Re: hacker scripts
Chuck Tetlow
chuck at tetlow.net
Mon Nov 29 13:17:58 -05 2010
One easy patch, while you solve the actual problem, is to prevent them from creating that file. Put one in /tmp that they can't overwrite.
Go to /tmp and "touch dc.txt". That creates an empty file by that name. Now lock it with "chattr +i dc.txt". That makes it "immutable" or completely unchangeable - even by root.
Of course, this only works if the hacker script file is always named dc.txt. Plus - it's only a patch, while you find and fix the exploit they're using.
Chuck
---------- Original Message -----------
From: Gerald Waugh <gwaugh at frontstreetnetworks.com>
To: BlueOnyx General Mailing List <blueonyx at blueonyx.it>
Sent: Mon, 29 Nov 2010 11:08:22 -0600
Subject: [BlueOnyx:05931] hacker scripts
> Have a server that has been exploited several times
> they come in through httpd
> install scripts in /tmp
>
> this one was dc.txt
>
> # Priv8 ** Priv8 ** Priv8
> # IRAN HACKERS SABOTAGE Connect Back Shell
> # code by:LorD
> # We Are :LorD-C0d3r-NT-\x90
> # Email:LorD at ihsteam.com
>
> we also had .sep and send
> send sends sms email, by the thousands @tmomail.net
>
> How can I stop these people from downloading and running their scripts
> in /tmp using httpd
>
> --
> Gerald
>
------- End of Original Message -------
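
A follow-up check for the placeholder described in the reply above, as an added example that is not part of the original thread: it reports whether the file is still present, still empty and still flagged immutable, so the stopgap can be verified from cron or by hand. The function names and status words are made up for this example; `lsattr` is the e2fsprogs companion to `chattr`.

```shell
#!/bin/sh
# Added example: audit the empty, immutable placeholder (e.g. /tmp/dc.txt).
# Function names and status strings are hypothetical, chosen for this example.

# True when the flags field of one lsattr output line contains 'i'.
# lsattr prints "<flags> <path>", so only the text before the first
# space is inspected; an 'i' inside the path must not count.
has_immutable_flag() {
    flags=${1%% *}
    case "$flags" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Prints one status word for the given path:
#   missing      placeholder was never created or has been removed
#   not-regular  a symlink, directory or other non-file sits at that path
#   not-empty    something managed to write content into it
#   mutable      file is empty but the immutable flag is not set
#   unknown      lsattr is unavailable or the filesystem has no attributes
#   ok           empty regular file with the immutable flag set
placeholder_status() {
    f=$1
    if [ -L "$f" ]; then echo not-regular; return 0; fi
    if [ ! -e "$f" ]; then echo missing; return 0; fi
    if [ ! -f "$f" ]; then echo not-regular; return 0; fi
    if [ -s "$f" ]; then echo not-empty; return 0; fi
    if ! line=$(lsattr -d "$f" 2>/dev/null); then
        echo unknown; return 0
    fi
    if has_immutable_flag "$line"; then echo ok; else echo mutable; fi
}

# Stand-alone use: sh check_placeholder.sh /tmp/dc.txt
if [ "$#" -gt 0 ]; then
    placeholder_status "$1"
fi
```

Any result other than `ok` means the placeholder is not doing its job and /tmp should be inspected again.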