Article 6052 at 06/07/19 16:01:46 From: cobaltfacts (at mark) virtbiz.com Subject: [coba-e:06052] Re: vunerable

Index: [Article Count Order] [Thread]

Date:  Wed, 19 Jul 2006 02:01:50 -0500
From:  Chris Gebhardt - VIRTBIZ Internet <cobaltfacts (at mark) virtbiz.com>
Subject:  [coba-e:06052] Re: vunerable
To:  coba-e (at mark) bluequartz.org
Message-Id:  <44BDD8DE.5080209 (at mark) virtbiz.com>
In-Reply-To:  <44BDBA65.70705 (at mark) mixfans.org>
References:  <27718190-A66C-4995-A501-E50CF1F0B24E (at mark) mfc.bakkers.gr.jp> <44BD2501.7070305 (at mark) dogsbody.org> <44BDBA65.70705 (at mark) mixfans.org>
X-Mail-Count: 06052

Dennis wrote:
> Suddenly I get this admin messages:
> 
> chown root:root /dev/shm/nice2k && chmod 4755 /dev/shm/nice2k && rm -rf 
> /etc/cron.d/core && kill -USR1 3286
> 
> chown: cannot access `/dev/shm/nice2k': No such file or directory
> 
> it seems that someone 'broke' into my system, but how to see what 
> happened and where ..
> dennis
> 
> 
> 

We see this on a customer system as well.  There do not seem to be other 
effects, and nothing was left in /tmp.  It looks as much like something 
that has been broken as something that has been broken into.

Odd...

-- 
Chris Gebhardt
VIRTBIZ Internet Services
Hosting, Collocation, Dedicated Servers, Internet Access
(972) 485-4125 | http://www.virtbiz.com