man cron
man periodic

Gaurang.

--- "Billy B. Bilano" <[EMAIL PROTECTED]> wrote:
> Dudes,
>
> Bad news today. Oh my goodness! I am in a tizzy-fit over this! I am such
> an expert at system administrating but even the best of us fall from
> glory now and then. And let me tell you, this is one time I believe
> somebody got the best of me... and that somebody is a fellow named Charles!
>
> It all started when my big OpenBSD box took a dumper and I got paged. So
> I get into the bank and start to look around and I poke and prod the box
> and then I log into it and run the appropriate debug tools (ls, ps, top,
> cut, etc. -- pun not intended). I notice, at long last, that the console
> messages were not lying... the hard drive was indeed full! (you can
> never be too sure about that sort of thing as everybody will agree)
>
> The offending file was the previous administrator (Stan, who got fired
> when I became IT director because he was a puss and always joked about
> beer and had a picture of some baby looking at teats saying "lunch" on
> his cube wall -- that offended me as a larger man). So his old
> administrator account has a huge mail spoolball that is taking up 80% of
> the drive! Holy crappers! So I logged in as "stan" and used his password
> he gave me in exchange for his severance package. I typed "mail" hoping
> to see if this would let me view his mail and it did -- thankgod! What I
> saw scared the holy mole dickens out of me...
>
> Thousands of emails! As I started reading them, I realized the full
> extent of what is, without a doubt, going to become known as the biggest
> and most notorious hack in the history of the Internet!
>
> Northcutt better take out that section about the Mitnik attack in that
> terrible book he is always rehashing with only a spit-shine and fancy new
> cover because here comes something leaner and meaner!
> (I have re-bought that nut's book eight times and it is always the
> same old cruft over and over but there won't be a ninth purchase, you bet
> your pink pajamas!) Someone needs to tell him that SANS is not the MANS!
> LOL!
>
> This is BIG, folks! The mails... there were big ones and small ones and
> they all had one thing in common: they were from a person who would soon
> be determined to be a master hacker who has obviously infiltrated the
> bank's system long ago, before I even canned Stan (he was such a chump
> and always lost his wallet because he wore those baggy hacker pants).
>
> It seems that this black head hacker, named Charlie Root, has been busy
> alright... Every night, like clockwork, he sends me a few emails that
> contain the most intimate of details about the server! Drive space,
> logins, users I've created and removed, and more! I think he is trying
> to extort money from the bank!
>
> I was scared to hell to raise any red alarms at the bank so I started to
> look around and I believe I found out who this Charlie Root person
> really is:
>
> http://www.baseballlibrary.com/baseballlibrary/ballplayers/R/Root_Charlie.stm
>
> It seems that old Chinski used to play baseball for the Brown Cubs back
> in his youth. Clearly, from reading about his shoddy career, he was
> washed up as his stats are terrible by modern standards and he retired
> from the game in 1970! Now, as is abundantly clear, he has reached a
> desperate point in his life and is now devoting his time to taking over
> the world's infrastructure and trying to do phishy things and extort
> money from gallant administrators like myself.
>
> I looked into the front directory on my server and saw a folder called
> "root"! OMGF!
> I dove into his folder and saw all kinds of hacker files
> (like some thinger called ".bash_history" which seems to contain a list
> of commands he uses to take over the system, and ".forward" which
> contains Stan's email address). There were also tarballers for other
> things that look like old log backups! Incredible! I tried to delete
> some of these trojan files but it said I could not! I did some more
> looking around and found another startling fact: Charlie Root has
> changed my shell! It is not sh like it should be, it has been set to
> "stsh" which is certainly some kind of backdoor hacker tool to capture
> my strokes!
>
> Normally I would just reboot the server but this time, since I was at
> lunch, I decided to play around with my EMACKS script on my new Sun
> 6800's and, by chance, I saw that almost every file on the system was
> already owned by the "root" fellow! He has the guile to call himself
> "Super-User!" when I fingered (LOL) his account! We have only had these
> systems for a little over a month and this Charlie Root has already
> taken over every UNIX server in the bank!
>
> This may be the end of our company if I cannot get this hacker out of
> our systems and expunge the network of this wretched "root" Chinski
> thing. I will not bow to his extortion attempts!
>
> Someone please tell me what I should do next!
>
> P.S. My bloglog has more background info and stuff about Chinski's
> involvement in Y2000K... <http://www.bilano.biz/>
>
> --
> Mr. Billy B. Bilano, MSCE, CCNA
> <http://www.bilano.biz/>
> Expert Sysadmin Since 2003!
> 'C:\WINDOWS, C:\WINDOWS\GO, C:\PC\CRAWL' -- RMS
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
