On Tue, 3 Jul 2001, Pablo Manalastas wrote:
>
> From these two posts, do we assume that root's password was stolen? If
> it is an ordinary user's password that was stolen, doing that kind of
> hack is still quite a challenge, so it must be root's password that
> the hacker got.
>
They used the password of a user who had permissions to modify the Apache
document root on the original Solaris server (one of the webmaster
accounts).
The original Solaris box did not have any suspicious files or ports open,
and the wtmp was intact as far as we could tell, but we are not about to
say that it hasn't been rootkitted just yet.
--
Rafael R. Sevilla <[EMAIL PROTECTED]> +63(2) 8177746 ext. 8311
Programmer, InterdotNet Philippines +63(917) 4458925
http://dido.engr.internet.org.ph/
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph