Nothing conclusive at this point. I currently suspect one or more of the
following:
1. Improperly applied update
2. WebDAV or something left over from the prior OS version (RH6.2)
3. Physical access to the system (unlikely, but it had an easy-to-guess
   root password).
4. Apache or sendmail exploit
My bets are on #2.
--Bruce
> In a message dated: Tue, 01 Jul 2003 12:22:14 EDT
> Bruce Dawson said:
>
>> hive.codemeta.com was compromised yesterday around 3pm. It looks like
>> they replaced sendmail and apache with their own versions. I've run
>> some audits and got back lots of suspicious files, so it's going to take
>> a while to poke around.
>
> What was the method of compromise? An old apache, kernel, sendmail,
> etc.?
>
> Just curious.