Network Security: Detailed info on Re: IIS web server hacked..any tips?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Incidents

[Top] [All Lists]

Re: IIS web server hacked..any tips?

from [Dave Dodge] Network Security

[Permanent Link]

Subject:	Re: IIS web server hacked..any tips?
Date:	Thu, 16 Dec 2004 17:21:42 -0500

On Thu, Dec 16, 2004 at 12:08:50PM -0500, Valdis.Kletnieks@vt.edu wrote:

What percentage of attackers have half a brain? ;)


As an example, the one I ran into this Summer:

  - tried to hide his own sshd by calling it /bin/sendmail and
    listening on port 322 -- but left its syslog logging enabled, so
    in /var/log/messages there was a detailed list of who, when, and
    from where the logins occurred.

  - left his complete command list from a couple of logins in
    root's bash history.

  - the rootkit he used managed to screw up the system so badly that
    most desktop applications and some command-line tools (such as
    "top") wouldn't even start due to library mismatches.

That said, I still rebuilt the machine from scratch rather than
just repairing the damage.

                                                  -Dave Dodge

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: IIS web server hacked..any tips?, (continued) Re: IIS web server hacked..any tips?, xyberpix RE: IIS web server hacked..any tips?, Curt Purdy Re: IIS web server hacked..any tips?, Sam Evans RE: IIS web server hacked..any tips?, Christopher Day RE: IIS web server hacked..any tips?, Jim Tuttle Re: IIS web server hacked..any tips?, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Re: IIS web server hacked..any tips?, Barrie Dempster Re: IIS web server hacked..any tips?, Tim Igoe Re: IIS web server hacked..any tips?, cta@hcsin.net Re: IIS web server hacked..any tips?, Valdis . Kletnieks Re: IIS web server hacked..any tips?, Dave Dodge <= Re: IIS web server hacked..any tips?, K.M. Jeary Re: IIS web server hacked..any tips?, Valdis . Kletnieks Re: IIS web server hacked..any tips?, Ron RE: IIS web server hacked..any tips?, Gary Nichols Re: IIS web server hacked..any tips?, Roger McLaren RE: IIS web server hacked..any tips?, Adrian Marsden RE: IIS web server hacked..any tips?, Richard . Grant RE: IIS web server hacked..any tips?, David LeBlanc Re: IIS web server hacked..any tips?, Valdis . Kletnieks

Previous by Date:	Re: IIS web server hacked..any tips?, Ron
Next by Date:	Strange command histories in hacked shell server, Ganbold
Previous by Thread:	Re: IIS web server hacked..any tips?, Valdis . Kletnieks
Next by Thread:	Re: IIS web server hacked..any tips?, K.M. Jeary
Indexes:	[Date] [Thread] [Top] [All Lists]