[Lincs] lug.org.uk has been compromised!
Marc McGuinness
marc at mcguinness.de
Sun Nov 21 17:54:07 GMT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello folks,
Ewan Mac Mahon (York LUG) found an installed backdoor (with Apache ID)
on lug.org.uk just an hour ago. 4 minutes after he sent his message I
logged into the server and watched someone trying do execute "rm -rf
/home" with Apache ID.
The backdoor process is called "th1s iz mY 3l1t3 baCkd00r"...
I don't know what's going to happen now, but I expect the server to be
offline soon.
The administrators have been informed.
Marc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBoNZCxMNwTise71cRApRkAJ4z6s/yvx7O2CUjDI/WhSSi0LSazQCeO5nV
Kj1GWTC+bw/ADUizfNBmH+Y=
=MdUK
-----END PGP SIGNATURE-----
More information about the Lincs
mailing list