On Tue, Apr 03, 2001 at 02:28:08PM -0500, Mitchell Henderson wrote:
> Hi,
> I don't know if you could call it new, it's really a combo of
> everything that we've seen as of late.
Check this out:
==================================================================
>From [EMAIL PROTECTED] Wed Apr 4 09:53:23 2001
Date: Wed, 04 Apr 2001 18:38:49 +0800
From: Leo <[EMAIL PROTECTED]>
Newsgroups: alt.os.linux,comp.os.linux.misc,alt.linux,comp.os.linux.help,comp.os.linux
Subject: PLEASE HELP!, MY LINUX have been HACKED~
NNTP-Posting-Host: vp170207.nte.uac1.hknet.com
Dear all,
Today I turned on my Linux and I received a mail from sendmail
regarding a failed message posted to someone at @sina.com. So I checked
it out and it basically says the following:
---------- Forwarded message ----------
Date: Wed, 4 Apr 2001 03:15:21 +0800
From: Mail Delivery Subsystem <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Warning: could not send message for past 4 hours
**********************************************
** THIS IS A WARNING MESSAGE ONLY **
** YOU DO NOT NEED TO RESEND YOUR MESSAGE **
**********************************************
The original message was received at Tue, 3 Apr 2001 21:57:12 +0800
from root@localhost
----- The following addresses had transient non-fatal errors -----
[EMAIL PROTECTED]
----- Transcript of session follows -----
451 4.4.1 timeout writing message to smtp.hknet.com
[EMAIL PROTECTED] Deferred
Warning: message still undelivered after 4 hours
Will keep trying until message is 5 days old
After reading that message, I was curious because I never use ROOT to
send messages out and apparently that
"[EMAIL PROTECTED]" looks very unfamiliar to me. So I am positive that I
didn't send such a message. Inside the message
I found two attachments, one dat file and the other a text file.
Unfortunately, when I read the text file I see ALL the confidential
information of my system all pasted in there. The format looks
something like this:
/**************************HOST IP*****************************/
and then I see the whole ifconfig pasted here. Then..
/**************************PS*********************************/
I see ps -aux, then
/**************************HISTORY***************************/
root's command history.. then
/************************HOSTS*****************************/
host file, AND EVEN
/************************PASSWD***************************/
passwd file, with ROOT's and all users' passwords unencrypted!!!!
I use Red Hat 7 and I'm sure I have shadow + md5 password enabled.
If anyone has any idea what's going wrong, please let me know, and
how I am getting the file. I know that sina provides a freemail service,
but it has an extension of sinaman.com or sinagirl.com, NOT
sina.com. Is that why I am getting the mail bounced back???
Any help would be appreciated. Thank you very much !
Leo
=================================================================
Unencrypted passwords????
--
Hal B
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Spamtrap: [EMAIL PROTECTED] and [EMAIL PROTECTED]
--
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list