On Thu, 20 Aug 2009 12:59:39 -0500 Ron Johnson <[email protected]> wrote:
> > The machine has been hacked by someone using a Romanian IP address > > and has been taken offline while I continue to investigate. Then > > I'll do a new install and rebuild. > > How'd he get in? I found it! He got in through a vulnerability in Zen Cart. I found in /var/log/auth.log where he'd changed the passwords of root and myself and confirmed it in syslog. Then I found in /root/.bash_history where he'd downloaded some scripts to the server, then started going through logs. Finally I was digging through apache logs and found him. Then I googled for a vulnerability in Zen Cart and found this: http://www.securityfocus.com/bid/35467/info -- Raquel ============================================================ Power without love is reckless and abusive and love without power is sentimental and anemic. Power at its best is love implementing the demands of justice. Justice at its best is power correcting everything that stands against love. --Martin Luther King,. Jr. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
