Re: [Nagios-users] nagios backdoor

2013-06-12 Thread Andreas Ericsson
On 06/06/2013 10:46 PM, William Leibzon wrote: > Sounds like they got through some sort of security hole in apache and > accessed database on the server, probably as apache/www user and not > root. Unsure from the information given if this apache backdoor would > have had anything to do with nagios

Re: [Nagios-users] nagios backdoor

2013-06-06 Thread William Leibzon
Sounds like they got through some sort of security hole in apache and accessed database on the server, probably as apache/www user and not root. Unsure from the information given if this apache backdoor would have had anything to do with nagios cgi or not. BTW the description of how it happened is

Re: [Nagios-users] nagios backdoor

2013-06-06 Thread Jakob Curdes
Am 06.06.2013 21:10, schrieb Rainer Duffner: > Do you have any details? The german notice sounds like someone broke > into their nagios system, but not necessarily by a nagios backdoor. Sven We know very little, but from the nagios architecture I would rather suspect there is a security flaw in a

Re: [Nagios-users] nagios backdoor

2013-06-06 Thread Zack Colgan
On 06/06/2013 03:48 PM, Κοκμάδης Δημήτριος wrote: > The full text: > > > Dear Client > > At the end of last week, Hetzner technicians discovered a "backdoor" in one > of our internal monitoring systems (Nagios). > > An investigation was launched immediately and showed that the administration

Re: [Nagios-users] nagios backdoor

2013-06-06 Thread Κοκμάδης Δημήτριος
The full text: Dear Client At the end of last week, Hetzner technicians discovered a "backdoor" in one of our internal monitoring systems (Nagios). An investigation was launched immediately and showed that the administration interface for dedicated root servers (Robot) had also been affected. C

Re: [Nagios-users] nagios backdoor

2013-06-06 Thread Rainer Duffner
Am 06.06.2013 um 20:46 schrieb Sven Nierlein : > Hi, > > Do you have any details? The german notice sounds like someone broke > into their nagios system, but not necessarily by a nagios backdoor. > > Sven There are not many details available - probably partly because they don't know them th

Re: [Nagios-users] nagios backdoor

2013-06-06 Thread Sven Nierlein
Hi, Do you have any details? The german notice sounds like someone broke into their nagios system, but not necessarily by a nagios backdoor. Sven On 6/6/13 18:31, Kirill Bychkov wrote: > Hello list, > > I am client of Hetzner Online (http://hetzner.de) > They are sent me email this following

[Nagios-users] nagios backdoor

2013-06-06 Thread Kirill Bychkov
Hello list, I am client of Hetzner Online (http://hetzner.de) They are sent me email this following text (part): = At the end of last week, Hetzner technicians discovered a "backdoor" in one of our internal monitoring systems (Nagios). The malicious code used in the "backdoor" exclusively infects