Got an email from the isp for projectphotos.net (this is my secondary sever) saying that they got hacked. I checked my index.html and this is what is had.

xC0d3r3d and shellc0de ownz your b0x
Infektion Group
uid=0(root) gid=0(root) groups=503(xpreshost) Linux makoto.xpreshost.com 2.4.9-34 #1 Sat Jun 1 06:25:16 EDT 2002 i686 unknown 2:54pm up 245 days, 3:49, 0 users, load average: 0.02, 0.28, 0.28 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT

One Response to “”

  1. Anonymous says:

    yes

    hi i got hacked by the same juvenile asshole, look for ptrace on your box and other assorted code placed by him. the hack replaces all index.html in your virtual/ directory with the graffiti.

    he used the famous sendmail exploit to get in.
    you need to update sendmail and update your kernel. 2.4.9 is really bad

    he and his idiot friends will keep coming back and using your box for various things if you dont

Leave a Reply

OpenID

Anonymous