Bill Beauchemin grabbed a keyboard and wrote:
>
> I was running a much older version of apache and openssl that I thought
> were ok but nooooooooo I guess this hack works with even the old stuff.
> I also didn't think somebody would be interested in my little private
> home email and web server.

*Never* make that assumption. Of course, I guess you already know that now.....

> Oh well I learned my lesson. Now I gots to go
> and get the apache, openssl, and the modssl patches.

One problem with a hack like this is: What else got installed during the compromise? The only way you can be sure that you're safe now is to reformat all partitions and reinstall from scratch. Simply getting rid of the stuff that you've found won't guarantee that you've gotten everything that may have been installed during the compromise period - other back doors may have been installed.

Live and learn: If you're online, you're a target. Keep your packages up to date with bug and security fixes. There's a security announce list being run by Mandrake; you might want to subscribe to it. It's low-volume, and only has postings from Mandrake when a security fix comes out so that you'll know to install it. It's worth it.

Good luck with getting your system back together!

--Dave

> On Thu, 2002-10-31 at 12:13, Vincent Danen wrote:
> >
> > On Thursday, October 31, 2002, at 12:52 PM, Bill Beauchemin wrote:
> >
> > > Some idiot hacked my system using either the chunked-encoding bug in
> > > Apache or the OpenSSL vulnerability to gain access. He used a rootkit
> > > called tc6. The file is called tc6b.tgz. This kit will send out all your
> > > passwords used on the system hacked.
> >
> > Can I ask why you haven't been keeping up with updates? Both of these
> > vulnerabilities have been corrected in updates.

--
David Guntner GEnie: Just say NO!
http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key