Hi, They obviously set things so I could not reboot or find out what is going on. The first thing I discovered was that they had change the index.html file on the web server - I thought something had gone astray so rebooted and that is when it all started.
I never surfed the net as root....and thought I had the box locked down - only open ports were the normal ones (80, 21, 22) etc. I have no idea how they got in but maybe it was through SSH (I might have a older version that could be hacked). There was no telnet or anything like that. I still can't believe it.... Dan ----- Original Message ----- From: "Brian Robson" <[EMAIL PROTECTED]> To: "SLUG" <[EMAIL PROTECTED]> Sent: Wednesday, July 09, 2003 12:26 PM Subject: Re: [SLUG] Linux box hanging on startup > Hi Dan, > > Wow, that's amazing that it happened so quickly, and a very annoying hack, > with symptoms the same as a failure to boot correctly. It would have been > worse if you did not find out. > > Also, did you surf the net as "root"??? > > Brian > ==================================================== > > At 11:45 AM 9/07/03 +1000, you wrote: > >Hi, > > > >Not sure if this helps anyone but so far I have found: > > > >/var/log/message -> /dev/null > >/var/log/wtmp -> /dev/null > > > >They also created an HTML page called services.html and in it: > > > >"YOU WERE HACKED!!!Welcome to ParadoX's Web`s Page" > > > >there is also a whole load of other crap (some in Spanish/French or similar) > > > >I am just about to re-install the OS > > > >dan > > -- > SLUG - Sydney Linux User's Group - http://slug.org.au/ > More Info: http://lists.slug.org.au/listinfo/slug > -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
