I 've been hacked, I need some help please...

Subjects

•	Home
•	mod jk2 https
•	Donation of JAXP 1 3 Sources to Apache
•	R annoyances
•	RE: Finding out when the aspnet admin worker process has recycled
•	Favorite Linux Distribution
•	eigenvalues of a circulant matrix
•	Apache Install
•	Reachin apache from outside
•	Ant should have an ext directory
•	Warning: Documentroot doesn 't exist
•	Can this be Done?
•	RE: Multilanguage Application
•	RE: Simple Question On setting up Sub Domain site
•	Lack of independence in anova()
•	How to close connection instead of sending 403?
•	winning the case for ANT
•	Re: adding php
•	New Ant GUI 'Ant 's Nest '
•	Narrowing Down A Strange Problem
•	Ant Task: sshexec
•	R Graph Gallery : categorization of the graphs
•	I 've been hacked, I need some help please
•	RE: Anyone working with DotNetNuke?
•	RE: Exception Handling Opinion
•	hex format
•	RE: IIS stopped working :(
•	<for > Build Failed:problem
•	RE: Separation of Objects from Logic
•	RE: Tracking pages with long request execution time
•	sending email to multiple destination
•	Web Site
•	ant UI
•	Easy cut & paste from Excel to R?
•	Win32 Apache Restart
•	Improving Tasks
•	HELP! PLEASE!
•	RE: Adding Controls to a Page
•	read table
•	RE: ASPNET account doesn 't exist!
•	Best way to uninstall Apache2 on red hat
•	from win to linux how to web page
•	XMLParseException changes and creation of XMLLocator2
•	Re Post: rewrite backslash to forward slash
•	Target or macrodef?
•	Page display problem XPSP2
•	Authentication problems
•	Dynamic Dictionary Data Type?
•	Newbie unable access my www from outside
•	off topic question: Latex and R in industries
•	Conflict between xtable and Hmisc when using Sweave?
•	Very old problem without any new solution
•	mod rewrite help
•	Basic Authentication question
•	RE: Code Security
•	calling ant from java program
•	prevent double signing
•	Re: Controlling Copy/Paste/Print
•	Using R to illustrate the Central Limit Theorem
•	web server slow too much slow
•	access to user directories

Links

Home

Official R Project Site

I 've been hacked, I need some help please...

I 've been hacked, I need some help please...

2005-03-15 - By Francisco Hidalgo Sol?

Reply: 1 2 3 4 5 6 7 8 9 10 >>

No, I don't...

--- Muhammad Rizwan <rizwan@(protected)> wrote:
>
> Are you using any hosting control panel?
>
>
>
> On Tue, 2005-03-15 at 18:41, Francisco Hidalgo Sol??
> wrote:
> > Hi, my apache web server has been hacked and they
> got
> > root access, this is my major concern.
> >
> > I have apache-2.0.52 and all my main pages were
> > changed to a HTML message written in WORD!!! (that
> for
> > sure says it was a script kiddie)
> > I think they got root access since all my log
> > directory is gone and they rewrote all index.*
> files
> > from all my filesystem directories with their own
> > message, I've found two process running under the
> user
> > "apache", they are "r0nin" and "brk".
> > The "who" command shows nothing, so it seems it
> was
> > changed. I've found some info on "r0nin" exploit
> but
> > nothing on "brk", both files are in /var/tmp.
> There
> > are also other files in /var/tmp, they are "dc"
> > (executable), b.tgz and edy.tgz.
> > As I said before, my major concern is root access.
> I'm
> > almost sure they got in with an insecure PHP
> script,
> > but as I see it (I could be wrong), this shouldn't
> be
> > a major problem, that can run scripts with the
> > unprivileged account "apache" but thats all,
> > nonetheless they got root access from that
> > unprivileged account.
> > Any ideas?, I don't know what to do. I've read
> that
> > the r0nin script opens a telnet session in port
> 1666,
> > but this cant be the problem, since this port is
> > blocked by the firewall and they would get an
> > unprivileged telnet access anyway, right?, I
> didn't
> > find any info about the other scrips, I still have
> > them there if you need any other info.
> > Thank you very much.
> >
> > Francisco
> >
> >
> >
> >
> >
> >
> >
>
___________________________________________________________
>
> > 250MB gratis, Antivirus y Antispam
> > Correo Yahoo!, el mejor correo web del mundo
> > http://correo.yahoo.com.ar
> >
> >
>
---------------------------------------------------------------------
> > The official User-To-User support forum of the
> Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html>
> for more info.
> > To unsubscribe, e-mail:
> users-unsubscribe@(protected)
> > " from the digest:
> users-digest-unsubscribe@(protected)
> > For additional commands, e-mail:
> users-help@(protected)
> >
>
>
>
---------------------------------------------------------------------
> The official User-To-User support forum of the
> Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail:
> users-unsubscribe@(protected)
> " from the digest:
> users-digest-unsubscribe@(protected)
> For additional commands, e-mail:
> users-help@(protected)
>
>

___________________________________________________________
250MB gratis, Antivirus y Antispam
Correo Yahoo!, el mejor correo web del mundo
http://correo.yahoo.com.ar

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@(protected)
" from the digest: users-digest-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)