Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

Post New Thread Reply

Register GFY Rules Calendar
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Got hacked yesterday Got hacked yesterday
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed.

 
Thread Tools
Old 09-27-2003, 01:07 PM   #1
NemesisEnforcer
Confirmed User
 
NemesisEnforcer's Avatar
 
Industry Role:
Join Date: Aug 2003
Location: Vegas and Los Angeles
Posts: 2,122
:mad Got hacked yesterday
TGIF, so I thought. It's Friday afternoon, I'm about to take a nap and hit the strip clubs later. Well, it was not to be.

I got a call from my monitoring service saying that connection was refused to my sites. There was no remote or console access to the server. I had to boot from the CD and reinstall the binaries. Checking my system logs, it appears that someone took advantage of an exploit in my FTP server and installed a root kit along with a sniffer. Based on the time stamps, they had 2 hours of access to the server.

It took me 9 hours to restore the system check for additional vulnerabilities and make the necessary patches. What a bitch!
NemesisEnforcer is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-27-2003, 01:07 PM   #2
JamesK
hi
 
Industry Role:
Join Date: Jun 2002
Posts: 16,731
not my problem
__________________
M3Server - NATS Hosting
JamesK is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-27-2003, 01:26 PM   #3
Shoplifter
Richest man in Babylon
 
Shoplifter's Avatar
 
Industry Role:
Join Date: Jan 2002
Location: Posts: 10,002
Posts: 5,726
What FTP server? Wuftpd ?
Shoplifter is online now   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-27-2003, 01:47 PM   #4
davidd
Confirmed User
 
Industry Role:
Join Date: Jul 2003
Posts: 1,076
Quote:
Originally posted by NemesisEnforcer
TGIF, so I thought. It's Friday afternoon, I'm about to take a nap and hit the strip clubs later. Well, it was not to be.

I got a call from my monitoring service saying that connection was refused to my sites. There was no remote or console access to the server. I had to boot from the CD and reinstall the binaries. Checking my system logs, it appears that someone took advantage of an exploit in my FTP server and installed a root kit along with a sniffer. Based on the time stamps, they had 2 hours of access to the server.

It took me 9 hours to restore the system check for additional vulnerabilities and make the necessary patches. What a bitch!
Out of curiosity what OS was the server running?
davidd is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-27-2003, 01:48 PM   #5
Jinx_Co
Confirmed User
 
Join Date: Jul 2003
Posts: 228
yah, There are some new sshd, and sendmail vulnerabilities out too that everyone should get patched up.
__________________


Akira Web - Affordable adult web hosting solutions

ICQ: 36063200
Jinx_Co is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-27-2003, 01:49 PM   #6
NemesisEnforcer
Confirmed User
 
NemesisEnforcer's Avatar
 
Industry Role:
Join Date: Aug 2003
Location: Vegas and Los Angeles
Posts: 2,122
proFTPD

http://www.securityfocus.com/archive/1/338687

I had to patch sendmail as well

Quote:
Originally posted by Shoplifter
What FTP server? Wuftpd ?
NemesisEnforcer is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-27-2003, 01:50 PM   #7
NemesisEnforcer
Confirmed User
 
NemesisEnforcer's Avatar
 
Industry Role:
Join Date: Aug 2003
Location: Vegas and Los Angeles
Posts: 2,122
Red Hat Linux 8

Quote:
Originally posted by davidd


Out of curiosity what OS was the server running?
NemesisEnforcer is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 09-27-2003, 01:57 PM   #8
fris
Too lazy to set a custom title
 
fris's Avatar
 
Industry Role:
Join Date: Aug 2002
Posts: 55,372
ya their was an exploit out for proftpd i upgraded mine, i use proftpd as well, i ditched sendmail on all our servers. i use qmail. secure as a mofo. but then again we dont use linux. freebsd all the way.


make sure to upgrade your openssh too. exploit came out for that too recently.
__________________
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.


WP Stuff
fris is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Got hacked yesterday Got hacked yesterday
« Previous Thread | Next Thread »

Bookmarks



Advertising inquiries - marketing at gfy dot com

Contact Admin - Advertise - GFY Rules - Top

©2000-, AI Media Network Inc



Powered by vBulletin
Copyright © 2000- Jelsoft Enterprises Limited.