Network Security: Detailed info on Re: Strange Attack On A Webserver I Work On

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Focus-Linux

[Top] [All Lists]

Re: Strange Attack On A Webserver I Work On

from [Jason Stewart] Network Security

[Permanent Link]

Subject:	Re: Strange Attack On A Webserver I Work On
Date:	Wed, 27 Oct 2004 09:00:21 -0400

On 26/10/04 20:30 -0400, Matthew J. Sahagian wrote:

Hello, I'm a long time reader of this list and have never really had the need 
to post here.  However, recently a webserver that I do minimal administrative 
work for was attacked.  We're still unsure exactly what had been done.  Most 
of the logs have been either cleaned or wiped completely (either by log 
rotate or by the attacker).  I was gone for the weekend so I sorta came back 
to this.  I don't really have questions about the attack per se, we're doing 
pretty well at the recovery process....  one question I do have however is 
this.


Sometimes script kiddies will forget to erase their shell history
files. You can locate them with the following find regex:

find / -regex '.*\(\/\.bash_history$\|\/\.history$\).*' -xdev

Good Luck,
Jason

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Strange Attack On A Webserver I Work On, Matthew J. Sahagian Re: Strange Attack On A Webserver I Work On, Michael da Silva Pereira Re: Strange Attack On A Webserver I Work On, Matthew J. Sahagian Re: Strange Attack On A Webserver I Work On, TJ Easter Re: Strange Attack On A Webserver I Work On, Reimundo Heluani Re: Strange Attack On A Webserver I Work On, Jason Stewart <= Re: Strange Attack On A Webserver I Work On, Andrea RE: Strange Attack On A Webserver I Work On, Filipe Varela RE: Strange Attack On A Webserver I Work On, Keller, Tim

Previous by Date:	Re: Strange Attack On A Webserver I Work On, Matthew J. Sahagian
Next by Date:	Re: Strange Attack On A Webserver I Work On, Reimundo Heluani
Previous by Thread:	Re: Strange Attack On A Webserver I Work On, Reimundo Heluani
Next by Thread:	Re: Strange Attack On A Webserver I Work On, Andrea
Indexes:	[Date] [Thread] [Top] [All Lists]