Raquel wrote:
> On Thu, 20 Aug 2009 12:59:39 -0500
> Ron Johnson <[email protected]> wrote:
>
>> > The machine has been hacked by someone using a Romanian IP address
>> > and has been taken offline while I continue to investigate. Then
>> > I'll do a new install and rebuild.
>>
>> How'd he get in?
>
> I found it! He got in through a vulnerability in Zen Cart.
>
> I found in /var/log/auth.log where he'd changed the passwords of root
> and myself and confirmed it in syslog. Then I found
> in /root/.bash_history where he'd downloaded some scripts to the
> server, then started going through logs. Finally I was digging
> through apache logs and found him. Then I googled for a
> vulnerability in Zen Cart and found this:
> http://www.securityfocus.com/bid/35467/info
>
Cite: "Note that the issue occurs only when the 'admin' directory wasn't properly renamed during the installation process."

???? Is this true? Means your fault!

Sorry and regards

