[Wolves] Wolves Digest, Vol 269, Issue 8
Wayne
waynelists at machx.co.uk
Sat Dec 6 12:13:24 UTC 2008
wolves-request at mailman.lug.org.uk wrote:
>
> Message: 1
> Date: Fri, 5 Dec 2008 15:56:03 +0000
> From: "Roundyz" <roundyz at hotmail.ru>
> Subject: Re: [Wolves] Hacking attempt - what next
> To: wolves at mailman.lug.org.uk
> Message-ID: <lgRSGWSzLDNV.0sv18CSS at mail.pochta.ru>
> Content-Type: text/plain; charset=US-ASCII
>
> 6 hours to get in, that's fast if the box wasn't being watched... Do you think the box was randomly attacked? Did the attacker brute force in, or did he have a key?
>
>
No, like a dimwit, I'd also set up a user to catch email for a one-off
event, let's call him 'dave', and since I'm the only one in the building,
and don't use ssh, I'd set the password as 'dave' - doh. Though the odds on
someone trying all the users and then trying the name as password must be
low? That's the way I assume they got in, the logs show about 3000 failed
attempts. Oh, and Romania, not Russia.

They first tried to download a Windows file before moving to Linux
stuff, and the content of one of the tars seems to indicate a spam package.

I've deleted the account and run a couple of rootkit detectors which
seem to indicate it's clean (and the payload files were all 2006 so I
guess they must be known about).

How hard is it to get control of root of system from a user account?
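
An added example, not part of the original message: one way to confirm from the sshd log whether a successful login followed a run of failed guesses from the same address, as the post assumes happened. The log lines are constructed in the standard OpenSSH syslog format; the host name, user names, addresses and the function name `logins_after_guessing` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches OpenSSH "Failed/Accepted <method> for [invalid user ]<user> from <ip> port <n>"
LINE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def logins_after_guessing(log_text, threshold=5):
    """Return accepted logins preceded by >= threshold failures from the same IP."""
    failures = defaultdict(int)      # ip -> failed attempts seen so far
    users_tried = defaultdict(set)   # ip -> distinct usernames guessed so far
    hits = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue                 # not an sshd authentication result line
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            users_tried[ip].add(user)
        elif failures[ip] >= threshold:
            hits.append({"ip": ip, "user": user, "method": m["method"],
                         "failures_before": failures[ip],
                         "users_tried": len(users_tried[ip])})
    return hits

# Constructed sample log (documentation-range addresses, made-up host and users).
SAMPLE_LOG = """\
Dec  5 03:10:01 box sshd[2101]: Failed password for root from 203.0.113.7 port 40101 ssh2
Dec  5 03:10:03 box sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 40102 ssh2
Dec  5 03:10:05 box sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40103 ssh2
Dec  5 03:10:07 box sshd[2104]: Failed password for invalid user guest from 203.0.113.7 port 40104 ssh2
Dec  5 03:10:09 box sshd[2105]: Failed password for invalid user oracle from 203.0.113.7 port 40105 ssh2
Dec  5 03:10:11 box sshd[2106]: Accepted password for dave from 203.0.113.7 port 40106 ssh2
Dec  5 09:00:00 box sshd[2200]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Dec  5 09:00:05 box sshd[2201]: Accepted password for alice from 198.51.100.20 port 51001 ssh2
"""

if __name__ == "__main__":
    for hit in logins_after_guessing(SAMPLE_LOG):
        print(hit)
```

A single mistyped password followed by a good login (the `alice` lines) stays below the default threshold, so only the login that follows a guessing run is reported.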