Re: Cannot Login - Access Found!
On Fri, 21 Aug 2009 06:57:50 +0200 Emanoil Kotsev delop...@yahoo.com wrote:

> Raquel wrote:
>> On Thu, 20 Aug 2009 12:59:39 -0500 Ron Johnson ron.l.john...@cox.net wrote:
>>>> The machine has been hacked by someone using a Romanian IP address and has been taken offline while I continue to investigate. Then I'll do a new install and rebuild.
>>> How'd he get in?
>> I found it! He got in through a vulnerability in Zen Cart.
>> http://www.securityfocus.com/bid/35467/info
>
> Cite: Note that the issue occurs only when the 'admin' directory wasn't properly renamed during the installation process.
>
> is this true? means your fault!
>
> sorry and regards

Yeah. I held a gun to his head and told him to break into my computer and mess things up. It's my fault the burglar broke into my house because I locked all the doors with double dead-bolts but didn't have a guard dog. It's my fault because I don't go to the Zen Cart web site regularly.

--
Raquel

And indeed people sometimes speak of man's bestial cruelty, but this is very unfair and insulting to the beasts: a beast can never be so cruel as a man, so ingeniously, so artistically cruel.
--Ivan Karamazov

-- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Cannot Login - Access Found!
Raquel wrote:
>> Cite: Note that the issue occurs only when the 'admin' directory wasn't properly renamed during the installation process.
>>
>> is this true? means your fault!
>>
>> sorry and regards
> Yeah. I held a gun to his head and told him to break into my computer and mess things up. It's my fault the burglar broke into my house because I locked all the doors with double dead-bolts but didn't have a guard dog. It's my fault because I don't go to the Zen Cart web site regularly.

sorry didn't mean to insult you in any way. young impatient programmers ... what else I could say. I also doubt I, myself, am well protected.

head up! sh*t happens!

regards

PS: If you were wise to make backups and know exactly when they broke in, you also know how they got in, you could save time by starting over at some previous point of time.
Re: Cannot Login - Access Found!
In 20090821061430.b95afcb6.raq...@thericehouse.net, Raquel wrote:
> Emanoil Kotsev delop...@yahoo.com wrote:
>> Raquel wrote:
>>> Ron Johnson ron.l.john...@cox.net wrote:
>>>> Raquel wrote:
>>>>> The machine has been hacked by someone using a Romanian IP
>>>> How'd he get in?
>>> I found it! He got in through a vulnerability in Zen Cart.
>>> http://www.securityfocus.com/bid/35467/info
>> Cite: Note that the issue occurs only when the 'admin' directory wasn't properly renamed during the installation process.
>>
>> is this true? means your fault!
> Yeah. I held a gun to his head and told him to break into my computer and mess things up. It's my fault the burglar broke into my house because I locked all the doors with double dead-bolts but didn't have a guard dog.

More like you locked all the doors, but left one window open.

Still, I think that the point was that it is not a Debian security issue since Zen Cart isn't even packaged. It's also not strictly a Zen Cart issue because they did everything they could once the vulnerability was found -- they can't fix your system for you, they can only notify you of the issues as they are discovered.

> It's my fault because I don't go to the Zen Cart web site regularly.

Yes-ish. If you are installing software in a secure environment you should follow security notifications about the software so you can assess any new threats and patch/reconfigure your system as need be. Security is a process, not a product.

No one is trying to take the blame away from the Romanian cracker. He or she took an active role in activities that robbed you of time and resources, and should be held accountable. However, we (or at least I) wish to deflect blame from Debian or Zen Cart.

--
Boyd Stephen Smith Jr.
b...@iguanasuicide.net
ICQ: 514984 YM/AIM: DaTwinkDaddy
http://iguanasuicide.net/
Re: Cannot Login - Access Found!
On Thu, 20 Aug 2009 12:59:39 -0500 Ron Johnson ron.l.john...@cox.net wrote:
>> The machine has been hacked by someone using a Romanian IP address and has been taken offline while I continue to investigate. Then I'll do a new install and rebuild.
> How'd he get in?

I found it! He got in through a vulnerability in Zen Cart. I found in /var/log/auth.log where he'd changed the passwords of root and myself and confirmed it in syslog. Then I found in /root/.bash_history where he'd downloaded some scripts to the server, then started going through logs. Finally I was digging through apache logs and found him. Then I googled for a vulnerability in Zen Cart and found this:
http://www.securityfocus.com/bid/35467/info

--
Raquel

Power without love is reckless and abusive and love without power is sentimental and anemic. Power at its best is love implementing the demands of justice. Justice at its best is power correcting everything that stands against love.
--Martin Luther King, Jr.
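The triage described in the message above (password changes in /var/log/auth.log, then the Apache logs) can be partly automated. The sketch below is an added example, not part of the original thread: it lists clients that made successful requests under an un-renamed /admin/ directory shortly before each password change. The log lines, host name and IP addresses are constructed samples, and it assumes both logs use the same local time zone and that the caller supplies the year.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data (not from the thread); IPs are documentation ranges.
AUTH_LOG = """\
Aug 20 03:10:02 shop sshd[2211]: Accepted publickey for raquel from 192.0.2.10 port 50122 ssh2
Aug 20 03:41:17 shop passwd[2290]: pam_unix(passwd:chauthtok): password changed for root
Aug 20 03:41:40 shop passwd[2294]: pam_unix(passwd:chauthtok): password changed for raquel
"""
ACCESS_LOG = """\
192.0.2.10 - - [20/Aug/2009:02:15:00 +0200] "GET /index.php HTTP/1.1" 200 5120
198.51.100.7 - - [20/Aug/2009:03:35:09 +0200] "POST /admin/index.php HTTP/1.1" 200 312
198.51.100.7 - - [20/Aug/2009:03:36:44 +0200] "POST /admin/index.php HTTP/1.1" 200 298
203.0.113.5 - - [20/Aug/2009:03:38:00 +0200] "GET /admin/ HTTP/1.1" 403 199
"""

PW_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ passwd\[\d+\]: .*password changed for (\S+)")
WEB_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\] ]+) [^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def password_changes(auth_text, year):
    """Yield (time, user); syslog lines carry no year, so the caller supplies it."""
    for line in auth_text.splitlines():
        m = PW_RE.match(line)
        if m:
            yield datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)

def admin_hits(access_text, prefix="/admin/"):
    """Yield (time, ip, method, path) for successful requests under the admin path."""
    for line in access_text.splitlines():
        m = WEB_RE.match(line)
        if m and m.group(4).startswith(prefix) and m.group(5).startswith("2"):
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S")  # offset dropped
            yield ts, m.group(1), m.group(3), m.group(4)

def correlate(auth_text, access_text, year, window_minutes=30):
    """Map each password change to client IPs seen in the admin area shortly before it."""
    hits = list(admin_hits(access_text))
    window = timedelta(minutes=window_minutes)
    report = {}
    for when, user in password_changes(auth_text, year):
        ips = sorted({ip for ts, ip, _, _ in hits if when - window <= ts <= when})
        report[user] = ips
    return report

if __name__ == "__main__":
    for user, ips in correlate(AUTH_LOG, ACCESS_LOG, 2009).items():
        print(f"password changed for {user}: admin-area clients beforehand: {ips}")
```

If the admin directory was renamed at install time, pass the new path as `prefix`; requests to the default `/admin/` should then show up only as 404s.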
Re: Cannot Login - Access Found!
Raquel wrote:
> On Thu, 20 Aug 2009 12:59:39 -0500 Ron Johnson ron.l.john...@cox.net wrote:
>>> The machine has been hacked by someone using a Romanian IP address and has been taken offline while I continue to investigate. Then I'll do a new install and rebuild.
>> How'd he get in?
> I found it! He got in through a vulnerability in Zen Cart. I found in /var/log/auth.log where he'd changed the passwords of root and myself and confirmed it in syslog. Then I found in /root/.bash_history where he'd downloaded some scripts to the server, then started going through logs. Finally I was digging through apache logs and found him. Then I googled for a vulnerability in Zen Cart and found this:
> http://www.securityfocus.com/bid/35467/info

Cite: Note that the issue occurs only when the 'admin' directory wasn't properly renamed during the installation process.

is this true? means your fault!

sorry and regards