What are you talking about? geostl.com looks fine to me.

> -----Original Message-----
> From: geocaching-bounce@xxxxxxxxxxxxx
> [mailto:geocaching-bounce@xxxxxxxxxxxxx]On Behalf Of Andy Sims
> Sent: Tuesday, December 23, 2003 7:44 AM
> To: geocaching@xxxxxxxxxxxxx
> Subject: [GeoStL] Re: Rooted?
>
> Well the defaced website says it has been rooted,
> which means that the intruders have gained root access
> to the machine. Root is the master user on a unix
> machine. If this is the case then at the very least,
> passwords need to be changed and files restored. It
> could just be BS too. Maybe just the web server
> software (apache?) was vulnerable, and maybe the
> damage was just limited to that, but I don't know
> enough about the machine to say what is what. They
> busted in somehow. It was probably an automated
> attack, some sort of worm.
>
> Usually when something like this happens a clean
> install of the OS with the most recent software is the
> best answer. It may not be necessary. I'd try
> http://www.chkrootkit.org/ first and see if it can be
> cleaned up. The point of entry needs to be identified
> as well. If the box is hardened, then it's probably
> the web server software.
>
> A port scan of the machine shows:
>
> Starting nmap 3.30 ( http://www.insecure.org/nmap/ )
> at 2003-12-23 07:36 CST
> Interesting ports on 66.78.41.199:
> (The 1628 ports scanned but not shown below are in
> state: closed)
> Port       State       Service
> 1/tcp      open        tcpmux
> 21/tcp     open        ftp
> 22/tcp     open        ssh
> 25/tcp     open        smtp
> 32/tcp     open        unknown
> 53/tcp     open        domain
> 80/tcp     open        http
> 110/tcp    open        pop-3
> 111/tcp    open        sunrpc
> 143/tcp    open        imap2
> 443/tcp    open        https
> 465/tcp    open        smtps
> 993/tcp    open        imaps
> 995/tcp    open        pop3s
> 3306/tcp   open        mysql
> 6666/tcp   open        irc-serv
> Device type: general purpose
> Running: Linux 2.4.X
> OS details: Linux 2.4.20 - 2.4.21 w/grsecurity.org
> patch
> Uptime 22.518 days (since Sun Nov 30 19:10:16 2003)
>
> Nmap run completed -- 1 IP address (1 host up) scanned
> in 20.443 seconds
> root@yutty:/home/andy#
>
> Port 111 should really be blocked on a machine out in
> the wild, and if mysql does nothing but serve data to
> (apache) then it should be blocked to the outside
> world as well.
>
> imap has serious security issues if it's not up to
> date.
>
> apache is always being updated because of security
> issues.
>
> ftp is kind of redundant with ssh running seeing as
> how putty supports sftp nowadays.
>
> I could go on and on.
>
> I'm not going to poke at the box any more than this
> port scan unless someone tells me to.
>
> Merry Christmas to us all.
>
> Andy (Yutty)
>
> --- Dave <d-a-v-e@xxxxxxxxxx> wrote:
> > What does it mean to be rooted?
> >
> > Do we simply need to replace files or change all the
> > passwords?
> >
> > Dave
> >
> > Andy Sims wrote:
> >
> > > Well I suppose it would considering the list is hosted
> > > by freelists.org
> > >
> > > Duh, should have thought of that.
> > >
> > > Glen or whoever keeps the SLAGA site up, if you could
> > > use some help cleaning up this mess let me know.
> > >
> > > What a bummer,
> > >
> > > Andy (Yutty)
> > >
> > > --- Andy Sims <yutty_666@xxxxxxxxx> wrote:
> > > > I just tried to visit the home page and it looks like
> > > > the box has been cracked. I'm sending this to see if
> > > > the list is still working.
> > > >
> > > > ****************************************************************************
> > > > Our WebPage! Http://WWW.GeoStL.com
> > > > Mail List Info. //www.freelists.org/cgi-bin/list?list_id=geocaching
> > > > Mail List FAQ's: //www.freelists.org/help/questions.html
> > > > ****************************************************************************
> > > > To unsubscribe from this list:
> > > > send an email to geocaching-request@xxxxxxxxxxxxx
> > > > with 'unsubscribe' in the Subject field
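
The exposure checks Andy lists for the scan (port 111, MySQL reachable from outside, FTP running alongside SSH) can be applied to a saved port table by a small audit script. This is an added example, not part of the original thread; the port table is a constructed sample in the scan's format, and the function names and note wording are assumptions.

```python
import re

# Constructed sample in the Port/State/Service layout of the scan quoted
# in the thread; the filtered line is added to show non-open ports are skipped.
SCAN = """\
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
25/tcp     filtered    smtp
80/tcp     open        http
111/tcp    open        sunrpc
3306/tcp   open        mysql
"""

LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")

# Services the message says should not face the Internet (note text is ours).
BACKEND = {
    "sunrpc": "portmapper: block at the firewall",
    "mysql": "database: bind to localhost or allow only the web server",
}


def parse_ports(text):
    """Return [(port, proto, service)] for every port reported open."""
    found = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(3) == "open":
            found.append((int(m.group(1)), m.group(2), m.group(4)))
    return found


def review(ports):
    """Apply the thread's exposure checks; return {port: note}."""
    services = {svc for _, _, svc in ports}
    notes = {}
    for port, _, svc in ports:
        if svc in BACKEND:
            notes[port] = BACKEND[svc]
        elif svc == "ftp" and "ssh" in services:
            notes[port] = "ftp is redundant: ssh is open and offers sftp"
    return notes


if __name__ == "__main__":
    for port, note in sorted(review(parse_ports(SCAN)).items()):
        print(f"{port}/tcp  {note}")
```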