
RE: [cobalt-users] Howto trace hack (was: Raq550: SMTP shutting down)



On Fri, 19 Mar 2004, Crocket wrote:

> 1) which vhost/script was used to upload that crap and how can they exec
> tar -zxvf their *.gz files
> 2) Is it possible to run configure, makefile (needed for the undernet
> installation) without shell access (# last didn't show any unusual logins
> and no unusual users in /etc/passwd), e.g. through a PHP script?

Some older versions of PHP Galley and PHPdig had recently announced
exploits that allow root access.

Once they get in that way, they can install the IRC stuff.  Check the
.bash_history file.  You're lucky they didn't put the stuff into hidden
directories.


Thom

http://www.baltimorehon.com/            Home of the Baltimore Lexicon