Hacker

David Rohleder davro at ics.muni.cz
Wed Apr 11 09:30:08 CEST 2001


"Radomir Slezak - MHBH a.s." <slezak at mhbh.cz> writes:

> I would be interested in how people understand this. I really did find two
> files on the system; I posted the contents of one of them here, but there
> has been no reply.
> Thanks


Well, I don't know, can't you read English? You simply have a hole in
proftpd, because you don't upgrade often enough. Someone got in through it
and installed an IRC daemon there. Then someone else got in who was decent
enough to write you an e-mail about it.

> 
> R. Slezak
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> To the systems administrator
> It has come to my attention that your computer system is one of a number
> that may be being used maliciously without your knowledge. I'm a user of the irc
> network irc.draconic.com and there is a connection from your box to this
> network in the channel #kaiten.
> The following systems have been affected.
> 
> I have checked all these systems and they all are running proftpd-1.2.0pre1,
> which has a remotely exploitable bug detailed here:
> http://rootshell.com/archive-j457nxiqi3gq59dv/199902/ftpd.txt.html
> I would urge you as a part of the internet community to patch the security
> hole as soon as you are able.
> Authenticity of my identity and this message can be verified by using my
> public key http://snowy.dnsalias.com/snowy.gpg
> Thank you
> Matthew Dunn
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.4 (GNU/Linux)
> Comment: Sanity is the hallmark of the slow witted (www.gnupg.org, pgp.com)
> 
> iEYEARECAAYFAjrTM/8ACgkQLFBqI0haV/H5GQCfR5+U9lIwA869FmTO8eWMZx3S
> fPUAn0UWHor8vgXBE9jOP0pm6wH33oXf
> =lUnO


-- 
-------------------------------------------------------------------------
David Rohleder						davro at ics.muni.cz
Institute of Computer Science, Masaryk University
Brno, Czech Republic
-------------------------------------------------------------------------

