Hello everyone,

I received this message asking for help, and at the link (http://planeta.terra.com.br/informatica/defacer/cgi) I found an ELF* executable which fortunately did not affect my system, but did affect systems running RedHat (I have no further details).

Could someone check whether this REALLY is a MALICIOUS/DANGEROUS script, so that we can take the appropriate measures? Programming is not my area! I appreciate any information.

Regards,
Ricardo Castanho

---------- Forwarded Message ----------
Subject: Re: I need help from Brazil
Date: Saturday 13 March 2004 10:08
From: Muhammed DAUD <[EMAIL PROTECTED]>
To: Ricardo Castanho de Oliveira Freitas <[EMAIL PROTECTED]>

Hi
thank you very much for your reply. I'd rather prefer to discover what holes I have in my server because those kids might transfer their scripts to any other place. If you want, I'll send you the binary I found. One of the binaries is already in that URL. The other binary is called local4. How can you help?
regards

Quoting Ricardo Castanho de Oliveira Freitas <[EMAIL PROTECTED]>:

> On Saturday 13 March 2004 15:09, you wrote:
>
> Hello!
>
> I'm sorry our "kids" are putting you in trouble!
> They use the same server I use: www.terra.com.br
> It belongs to TELEFONICA (Spanish company).
>
> Send email with full logs to: [EMAIL PROTECTED]
>
> This server is one of the biggest in Brazil, but .... usually they are not
> very helpful.
>
> If you don't get any results, email me back, I will try other channels
> like the:
> http://registro.br
>
> They are one of the biggest Internet "notary" services. They control almost
> 100% of the Brazilian domain names.
>
> They are quite serious about their job, unlike TERRA.com.br.
>
> Sometimes I think TERRA is too big to worry about "our" problems.
>
> Hope to help,
>
> Ricardo Castanho
>
> > Hi
> > I found your mail on securityfocus.com. My server has been hacked 2 times
> > within 3 months by Brazilian kids. I don't know how they manage to do it.
> > All I found in my server's log is something like this
> > --21:10:45-- http://planeta.terra.com.br/informatica/defacer/cgi
> > => `cgi'
> > Resolving planeta.terra.com.br... done.
> > Connecting to planeta.terra.com.br[200.176.2.133]:80... connected.
> > HTTP request sent, awaiting response... 200 OK
> > Length: 17,874 [text/plain]
> >
> > 0K .......... ....... 100%
> > 44.99 KB/s
> >
> > 21:10:49 (44.99 KB/s) - `cgi' saved [17874/17874]
> >
> > then I found they got my root pass and I have to rebuild all of my
> > server ..
> > I use redhat with latest kernel and apache.
> > can you help me?
> > or at least direct me to someone who can
> > regards
> >
> > Muhammed DAUD
> > Kilavuz.net
> > tel: 224-225 4627
> > faks: 224-225 4629
>
> --
> ==========================================================
> Linux user # 102240 => [EMAIL PROTECTED] user => 100% M$ FREE
> ==========================================================
