Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.os.linux.security > #167
| Newsgroups | comp.os.linux.security |
|---|---|
| Subject | Re: Security breach? |
| From | Ohmster <root@dev.nul> |
| References | <XnsA145508078CBMyBigKitty@216.196.97.131> <slrnkevaie.4qm.BitTwister@wb.home.test> <i1OHs.32904$3S5.11697@newsfe18.iad> |
| Organization | Ohm's Fish Market |
| Message-ID | <XnsA14526347AB67MyBigKitty@216.196.97.131> (permalink) |
| Date | 2013-01-11 02:45 -0600 |
unruh <unruh@invalid.ca> wrote in news:i1OHs.32904$3S5.11697 @newsfe18.iad: > This is silly. Not every unkown log entries is evidence of a breakin. I > have no information from your system, but since it is possible that your > system has been broken into, then you should reinstall your OS. And > since you do not know tht tomorrow you are not comprimised you should > reinsall every day. After all the breaking could hide itself every day. > > Now perhaps you could answer his question-- does the evidence he gave > point to a breakin? Do you know what those log entries mean? No unruh, I am really screwed now. Please go see my reply to Bit Twister, the details are in that followup. Dam, I got people opening my web browser, buying silver coins on ebay in my account and posting garbage on craigslist, again on my account. Just sitting here now, very quite, past 3AM and now chrome browser opens all by itself and goes to some spam cash website, already clicking the dropdown boxes. Craigslist and ebay were done with Firefox, now this is chrome. Somebody got in and got temporary root access. That is enough to make anyone shut the bitch off. I posted here for help and while waiting for the reply, the box is running browsers by itself, hitting all sorts of account websites. I shut it all down via ssh to do a sudo halt. This is way too much, I cannot put this online like this. I would like to investigate offline though. As bad as this is, it is quite interesting. How did they do it? Apache expliot? That has happened before with Fedora. What log files can I look at to check? Thank goodness to logwatch to make me get into action and stop ignoring the hair on my arms sticking up. Oh man this really bits the big one! Thanks bra! -- ~Ohmster
Back to comp.os.linux.security | Previous | Next — Previous in thread | Next in thread | Find similar
Security breach? Ohmster <root@dev.nul> - 2013-01-10 23:29 -0600
Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-11 05:59 +0000
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 06:10 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 02:45 -0600
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 20:44 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:06 -0600
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 22:26 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:45 -0600
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 00:24 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 19:34 -0600
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 02:16 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 21:04 -0600
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 05:44 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-12 16:29 -0600
Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-13 03:01 +0000
Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-13 07:24 -0500
Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-13 14:51 +0000
Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-13 10:45 -0500
Re: Security breach? Jim Beard <jdbeard@patriot.net> - 2013-01-13 12:21 -0500
Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-13 12:59 -0500
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-13 20:40 +0000
Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-13 16:14 -0500
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-13 23:51 +0000
Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-14 09:59 -0500
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-14 17:39 +0000
Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-14 16:16 -0500
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-14 21:48 +0000
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-13 20:35 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 17:05 -0600
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 00:26 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 03:10 -0600
Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-11 11:31 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:53 -0600
Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-11 23:05 +0100
Re: Security breach? Richard Kettlewell <rjk@greenend.org.uk> - 2013-01-11 22:14 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:47 -0600
Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-12 00:26 +0000
Re: Security breach? Richard Kettlewell <rjk@greenend.org.uk> - 2013-01-12 09:23 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-12 16:31 -0600
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-12 16:36 -0600
Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-13 14:45 +0100
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:39 -0600
Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-12 00:08 +0000
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 20:50 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:19 -0600
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 22:30 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:49 -0600
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 02:36 -0600
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 02:52 -0600
Re: Security breach? "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2013-01-11 03:10 -0500
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 02:39 -0600
Re: Security breach? Richard Kettlewell <rjk@greenend.org.uk> - 2013-01-11 10:53 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:12 -0600
Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-11 22:53 +0100
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:57 -0600
Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-11 23:29 +0100
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:55 -0600
Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-11 23:59 +0100
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 17:07 -0600
Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-12 00:24 +0100
Re: Security breach? `blindshell' ...INFECTED (PORTS: 465) Ohmster <root@dev.nul> - 2013-01-11 17:48 -0600
Re: Security breach? `blindshell' ...INFECTED (PORTS: 465) Ohmster <root@dev.nul> - 2013-01-11 18:07 -0600
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 00:16 +0000
Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-12 12:13 +0100
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 18:30 +0000
Re: Security breach? Richard Kettlewell <rjk@greenend.org.uk> - 2013-01-11 22:07 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 17:22 -0600
csiph-web