Hi there folks. I just wanted to report a problem in channel #hq. One of
our servers was breached on 2/8/03 around 2PM CST. The intruder placed a
bot on our Linux server and connected to this channel. The intruder used a
packet sniffer to monitor usernames and passwords going into and out of our
server. But the intruder made a mistake and caused the server to be
unusable. Therefore, we found the intrusion.
If you go into this channel, #hq, then you will see about 10 to 15
users/bots that have "Proprety of Ecko" in the whois. I've logged in to
gather information. They have since banned me from the channel. I've
gathered enough information to further protect our servers.
I am in the process of contacting the other 15 or so system administrators
of these boxes. I've contacted one already with the main user "ecko", which
doesn't seem to be a bot at all. I believe the person who has logged in to the
box is actually using it. Anet.com has acted on this already and the user
has now moved to ns2.homefusion.net.
I was wondering what you folks can do about this. I understand that you
folks are just providing a forum for any type of internet relay chat.
-Joong
- Re: [Coder-Com] Channel #hq Joong Kim