Narcis Radu wrote:

>Hello,
>
>A friend got hit by something really nasty: "Mass defacement". He
>caught it in time, but well ... he would also like to find out why it
>happened. Can anyone offer some ideas? He will owe you a lot of beer!
>
>Here is what he has on the machine:
>httpd-2.0.49-4
>php-4.3.7-3
>
>I looked through the logs and nothing suspicious shows up.
>
>Darkus
>
>---
>Details about our mailing lists: http://www.lug.ro/

Well, yeah. I found who did the thing and where they did it from, but I don't know how they did it

# netstat -tlpn
tcp        0      0 0.0.0.0:995       0.0.0.0:*    LISTEN    796/xinetd
tcp        0      0 0.0.0.0:3306      0.0.0.0:*    LISTEN    998/mysqld-max
tcp        0      0 0.0.0.0:139       0.0.0.0:*    LISTEN    1135/smbd
tcp        0      0 0.0.0.0:3310      0.0.0.0:*    LISTEN    929/clamd
tcp        0      0 0.0.0.0:110       0.0.0.0:*    LISTEN    796/xinetd
tcp        0      0 127.0.0.1:783     0.0.0.0:*    LISTEN    1035/spamd -d -c -a
tcp        0      0 0.0.0.0:21        0.0.0.0:*    LISTEN    1116/proftpd: (acce
tcp        0      0 x.x.x.x:53        0.0.0.0:*    LISTEN    768/named
tcp        0      0 x.x.x.x:53        0.0.0.0:*    LISTEN    768/named
tcp        0      0 10.0.0.1:53       0.0.0.0:*    LISTEN    768/named
tcp        0      0 127.0.0.1:53      0.0.0.0:*    LISTEN    768/named
tcp        0      0 0.0.0.0:5432      0.0.0.0:*    LISTEN    1099/postmaster
tcp        0      0 0.0.0.0:25        0.0.0.0:*    LISTEN    1015/sendmail: acce
tcp        0      0 127.0.0.1:953     0.0.0.0:*    LISTEN    768/named
tcp        0      0 0.0.0.0:445       0.0.0.0:*    LISTEN    1135/smbd
tcp        0      0 :::80             :::*         LISTEN    1335/httpd
tcp        0      0 :::22             :::*         LISTEN    783/sshd
tcp        0      0 :::5432           :::*         LISTEN    1099/postmaster
tcp        0      0 :::443            :::*         LISTEN    1335/httpd

# nmap -sS (from some other random machine):
20/tcp   closed  ftp-data
21/tcp   open    ftp
22/tcp   open    ssh
25/tcp   open    smtp
53/tcp   open    domain
80/tcp   open    http
110/tcp  open    pop-3
113/tcp  closed  auth
995/tcp  open    pop3s

Darkus
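
Added example, not part of the original post: a Python cross-check of the netstat listeners against the external nmap result, sorting each service into reachable from outside, bound to all interfaces but not seen open, or loopback-only. The sample input is abridged from the output in the post; the function and key names are chosen here for illustration.

```python
import re

# Abridged from the netstat -tlpn output in the post.
NETSTAT = """\
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 796/xinetd
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 998/mysqld-max
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1135/smbd
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 1035/spamd -d -c -a
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 1116/proftpd: (acce
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 1099/postmaster
tcp 0 0 :::80 :::* LISTEN 1335/httpd
tcp 0 0 :::22 :::* LISTEN 783/sshd
"""
# Abridged from the nmap -sS output in the post.
NMAP = """\
20/tcp closed ftp-data
21/tcp open ftp
22/tcp open ssh
80/tcp open http
113/tcp closed auth
995/tcp open pop3s
"""
WILDCARD = {"0.0.0.0", "::"}  # bind addresses meaning "all interfaces"
LISTEN_RE = re.compile(
    r"tcp\S*\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+LISTEN\s+\d+/(\S+)")

def listeners(netstat_text):
    """Map port -> (process name, set of bind addresses) for LISTEN sockets."""
    out = {}
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            proc = m.group(3).rstrip(":")  # netstat truncates "proftpd: (acce"
            out.setdefault(int(m.group(2)), (proc, set()))[1].add(m.group(1))
    return out

def classify(netstat_text, nmap_text):
    """Group listening ports by how the external scan sees them."""
    open_ext = {int(p) for p in re.findall(r"^(\d+)/tcp\s+open\b", nmap_text, re.M)}
    report = {"reachable": [], "wildcard_not_open": [], "local_only": []}
    for port, (proc, addrs) in sorted(listeners(netstat_text).items()):
        key = ("reachable" if port in open_ext
               else "wildcard_not_open" if addrs & WILDCARD
               else "local_only")
        report[key].append((port, proc))
    return report

if __name__ == "__main__":
    print(classify(NETSTAT, NMAP))
```

Ports in the wildcard_not_open group remain reachable from the local network and from processes on the host itself, so the external scan alone understates what is listening.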
