Welp, here's an example of what I saw on the box:
In /tmp, a script named 'x' was uploaded, as well as 'http', along with a directory named .ssh within /tmp. /tmp of course is set to noexec, however, if you provide the full path to the binary (example: /usr/bin/perl /bin/sh etc), you can execute it from outside of /tmp. Had my provider call me alerting me of a 60 meg outgoing DDoS to some ISPs from the server in question. This sounding familiar to anyone else yet?
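The behaviour described above, that noexec does not stop an interpreter given by full path from running a file in /tmp, means an audit has to look at file content rather than the execute bit. The following is an added example, not part of the original post: the function name `audit_noexec_dir` and the sample tree are constructed here, and treating 'http' as an ELF binary is an assumption.

```shell
#!/bin/sh
# Added example: flag content in a noexec directory that an interpreter
# (perl FILE, sh FILE) could still run, plus hidden directories.

# audit_noexec_dir DIR -> prints one "KIND<TAB>PATH" line per finding.
audit_noexec_dir() {
    dir=$1
    # Hidden directories below DIR (the post mentions /tmp/.ssh).
    find "$dir" -type d -name '.*' ! -path "$dir" 2>/dev/null |
        while IFS= read -r p; do printf 'hidden-dir\t%s\n' "$p"; done
    # Regular files: classify by their first bytes, not by mode bits,
    # because noexec only blocks direct execution of the file itself.
    find "$dir" -type f 2>/dev/null |
        while IFS= read -r f; do
            magic=$(head -c 4 "$f" 2>/dev/null | od -An -tx1 | tr -d ' \n')
            case $magic in
                2321*)    printf 'script\t%s\n' "$f" ;;  # starts with "#!"
                7f454c46) printf 'elf\t%s\n' "$f" ;;     # ELF magic bytes
            esac
        done
}

# Constructed sample tree mirroring the names in the post. The file
# contents are made up; 'http' being an ELF file is an assumption.
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT
printf '#!/usr/bin/perl\nprint "constructed sample";\n' > "$sample/x"
printf '\177ELF constructed sample, not a real binary' > "$sample/http"
mkdir "$sample/.ssh"
echo "plain notes" > "$sample/notes.txt"

# Expect three findings: x (script), http (elf), .ssh (hidden-dir).
audit_noexec_dir "$sample"
```

On a live host the same function can be pointed at /tmp, /var/tmp and /dev/shm from cron, with any output treated as something to review.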