[SunRescue] Cracked!
Eric Hall
rescue at sunhelp.org
Sat May 12 08:30:35 CDT 2001
Well, it's my own fault, but
I've been cracked. I noticed
a process running on my classic
named uniattack.sh - it seems
someone was using my lowly
classic to deface websites.
There was a new directory
created on my system -
/dev/cuc where the cracker
installed his utilities.
/etc/rc2.d/S71rpc was
replaced with a startup
script for the cracker.
Most of the scripts used
were written in perl.
I have them tar'd up safe
so I can reseach it in more
depth.
I'm going to have to
wipe the disk and reinstall
Sol 7, of course. I'm guessing
this was a totally scripted
attack - a worm if you will.
Anyway, if anyone has any info
on this crack, please let me
know. And be carefull out there.
Eric H
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
More information about the rescue
mailing list