Carlos Carvalho wrote:
> My site has been attacked by a hacker using a method that leaves a
> directory .BitchX (or something close) in root's home dir. It gets the
> user/password combination of any user that telnets, ftps or uses pop3 to
> get to the machine (no ssh).
>
> What's the security hole that's being exploited? At first the attacker
> didn't have the root password.

Don't know about this BitchX stuff, but the rest might be a Juggernaut attack. Juggernaut is a nice and user-friendly telnet hijacker that has been presented in Phrack magazine. It steals an established telnet, ftp or pop3 session and compiles well under Debian and any other Linux (I don't think it is or will be a Debian package though :) ).

If you have been attacked by Juggernaut you should see so-called ACK storms. AFAIK the only solution is to use ssh programs.

-- 
Yours,
Frank Barknecht
http://www.koeln-online.de/einblick/ (The Cologne city and university magazine)
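
One way to look for the ACK storms mentioned in the reply above, run over tcpdump-style text output. This is an added example, not part of the original e-mail; the line format, window, threshold and the sample addresses are assumptions, and the capture is constructed.

```python
import re
from collections import defaultdict, deque

# tcpdump-style text line for a pure ACK segment (Flags [.]); format is assumed.
LINE = re.compile(r"(\d+):(\d+):(\d+\.\d+) IP (\S+) > (\S+): Flags \[\.\], "
                  r"ack (\d+), win \d+,.*? length (\d+)")

def find_ack_storms(lines, window=1.0, threshold=20):
    """Return flows that carry >= threshold empty ACKs within `window` seconds,
    sent by both endpoints, with at most two distinct ack numbers (each side
    keeps repeating the same acknowledgement). Thresholds are assumptions."""
    recent = defaultdict(deque)          # flow -> (timestamp, sender, ack)
    storms = set()
    for line in lines:
        m = LINE.match(line)
        if not m or int(m.group(7)) != 0:
            continue                     # not an empty pure ACK
        h, mi, s, src, dst, ack, _ = m.groups()
        ts = int(h) * 3600 + int(mi) * 60 + float(s)
        flow = tuple(sorted((src, dst)))
        q = recent[flow]
        q.append((ts, src, ack))
        while ts - q[0][0] > window:     # drop entries older than the window
            q.popleft()
        senders = {p[1] for p in q}
        acks = {p[2] for p in q}
        if len(q) >= threshold and len(senders) == 2 and len(acks) <= 2:
            storms.add(flow)
    return storms

def sample_capture():
    """Constructed capture: one desynchronised telnet flow, one normal POP3 download."""
    client, server = "192.0.2.10.1034", "192.0.2.1.23"
    lines = []
    for i in range(30):                  # both ends re-ACK the same numbers
        src, dst, ack = (client, server, 5001) if i % 2 == 0 else (server, client, 9001)
        lines.append(f"12:00:{i * 0.01:09.6f} IP {src} > {dst}: "
                     f"Flags [.], ack {ack}, win 512, length 0")
    for i in range(30):                  # one-way ACKs that advance with the data
        lines.append(f"12:01:{i * 0.01:09.6f} IP 192.0.2.20.2100 > 192.0.2.1.110: "
                     f"Flags [.], ack {1000 + i * 512}, win 512, length 0")
    return lines

if __name__ == "__main__":
    for flow in find_ack_storms(sample_capture()):
        print("possible ACK storm between", *flow)
```

The ordinary download is not flagged because its empty ACKs come from one side only and their ack numbers keep advancing.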