Forensics On a Cracked Linux Server
This blog entry is the step-by-step process that one administrator followed to figure out what was going on with a cracked Linux server. It's quite interesting to me, since I have had the exact same problem (a misbehaving ls -h command) on a development server quite a while back. As it turns out, my server was cracked, maybe with the same tool, and this analysis is much more thorough than the one I was able to do at the time. If you've ever wondered how to diagnose a Linux server that has been hijacked, this short article is a good starting point.
Story is FUD from a M$ shill (Score:2, Funny)
Yeah obvious FUD article (Score:5, Funny)
The bottom line is that a LINUX SERVER CAN'T BE CRACKED.
Maybe this admin got his login info phished by Nigerian scammers, I don't know. The guy probably is wondering why his eBay account has a bunch of negative feedback and his MySpace is all jacked up and hasn't put 2 and 2 together with that time he responded to that clever email asking for the triple whammy of MySpace/eBay/root on your servers so that you could clear the money transfer.
That or he didn't have his updates turned on and had an outdated BIND. And it's not like BIND means Linux is unsecure.
Even not that the idea that Linux is crackable is laughable and not worth front page at Digg let alone Slashdot. You don't see Technorati or Bruce Perens' site posting garbage like this ever so why Slashdot editors can't see thru it I don't know.
Looks as if there was another way... (Score:4, Funny)
sPh
Re:Story is FUD from a M$ shill (Score:0, Funny)
I had to do this once. (Score:4, Funny)
Meta-cracking (Score:5, Funny)
1. Infect Linux server of some guy with a blog.
2. Guy blogs about how he dealt with said infection.
3. Blog posting gets linked to on Slashdot.
4. Millions of computers attempt to access the blog, hence bringing down the server.
Don't you see? We've a socially engineered botnet!
(And please, for the love of all that is sacred and funny, don't reply to this and add steps for "???" and "Profit". It's just tired and completely not funny. And the clever little variation on that theme you're thinking about posting right now isn't funny either.)
*Bourne* Shell? (Score:5, Funny)
I knew it! Jason Bourne was involved in this!
Re:How did he get access and On tools (Score:5, Funny)
Clearly, we as sysadmins should rethink the long-standing policy of setting all root passwords to either love, secret, sex, or god. Perhaps we should at least add another password to the list, like "unhackable" or something truly secure like that.
Re:Meta-cracking (Score:1, Funny)
6. Profit!
(oh, come on, you asked for it)
Re:Meta-cracking (Score:5, Funny)
2. ????
3. Profit!
Raise your hand (Score:5, Funny)
Re:Yeah obvious FUD article (Score:5, Funny)
Re:Forensics (Score:5, Funny)
It makes for an interesting read
Anonymous in case the admin actually reads slashdot.
Re:Raise your hand (Score:5, Funny)
'ls' is not recognized as an internal or external command,
operable program or batch file.
Oh noes!
Re:Ssshhh.... Secrets Revealed... (Score:5, Funny)
The 220,000 or so members of the Slashdot Members Who Post Authoritative Statements On The Inner Workings Of Microsoft To Support Their Arguments warmly welcomes you to the club.
That's it, I'm switching to Windows (Score:4, Funny)
Re:Yeah obvious FUD article (Score:5, Funny)
Re:Yeah obvious FUD article (Score:5, Funny)
ASCII art is lame
If you really want to blast them
Then try a haiku
So in my rage, I wrote this (and used the code layout):
Today I posted
Today I looked like an ass
It is Friday, beer
Re:I had to do this once. (Score:3, Funny)
Re:Forensics (Score:2, Funny)
Are you too stupid to know what redundant means? I guess you are.
Hey mod, you're a dumbass.
Wait, "dumbass moderator" see, THAT is redundant.
Re:Forensics (Score:5, Funny)