It's the second time that someone has hacked into our server. This
hacker/script kiddie installed the stacheldraht DDOS tool into our server
and was using our server to launch his attacks. The first time our
wu-ftpd was exploited. I don't know what exploit he used this time. This
is the result of an nmap port scan. Does anybody have any ideas? How could
he have gotten root access?
Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
Interesting ports on laurana.iconverge.com (202.78.85.46):
(The 1515 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
143/tcp open imap2
3128/tcp open squid-http
6112/tcp open dtspc
Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
These are the versions of the services listening on the ports:
ftp -- ProFTPD 1.2.0
ssh -- SSH-1.2.27
smtp -- postfix-19991231-pl08
domain -- bind-8.2.3
http -- apache-1.3.14
imap -- IMAP4rev1
squid -- squid-2.3.STABLE1-5
6112 -- bnetd-0.4.23pre9
--
Mike
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph