Carlos Carvalho hat gesagt: // Carlos Carvalho wrote:
> My site has been atacked by a hacker using a method that leaves a
> directory .BitchX (or something close) in root's home dir. It gets the
> user/password combination of any user that telnet, ftp or use pop3 to
> get to the machine (no ssh).
Carlos:
BitchX is an IRC program that put's a directory called .BitchX in the
users home directory. Either you have this and have used it or your
hacker used it as root. Of course a hacker may have just created it so
it might look normal in your directory. What's in the directory?
Carl
My site has been atacked by a hacker using a method that leaves a
directory .BitchX (or something close) in root's home dir. It gets the
user/password combination of any user that telnet, ftp or use pop3 to
get to the machine (no ssh).
What's the security hole that's being exploited? At first the
3 matches
Mail list logo
