[SunRescue] Cracked!
Jon
rescue at sunhelp.org
Sat May 12 11:33:19 CDT 2001
Nice to know I'm not the only one. This happened last week with my Solaris
7 box. I noticed it when my machine would respond to anything. It had like
100+ of thse processes running.
Jon
On Sat, 12 May 2001, Eric Hall wrote:
> Well, it's my own fault, but
> I've been cracked. I noticed
> a process running on my classic
> named uniattack.sh - it seems
> someone was using my lowly
> classic to deface websites.
>
> There was a new directory
> created on my system -
> /dev/cuc where the cracker
> installed his utilities.
> /etc/rc2.d/S71rpc was
> replaced with a startup
> script for the cracker.
> Most of the scripts used
> were written in perl.
> I have them tar'd up safe
> so I can reseach it in more
> depth.
>
> I'm going to have to
> wipe the disk and reinstall
> Sol 7, of course. I'm guessing
> this was a totally scripted
> attack - a worm if you will.
>
> Anyway, if anyone has any info
> on this crack, please let me
> know. And be carefull out there.
>
> Eric H
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
>
> _______________________________________________
> rescue maillist - rescue at sunhelp.org
> http://www.sunhelp.org/mailman/listinfo/rescue
>
More information about the rescue
mailing list