Hacker?

[ves]

I think a hacker has taken over my index page. Noboby can see my webpages, and my Index page within File Manager has a strange message saying they have taken over our Linux server. There is an email address also. I have pasted the hacker page/message below.

I do have a copy of my Index page, so I tried re-naming the files, swoping the Index page over, but this didn't work.

Can anyone help please?

ves
---------------------
r00t_System owns your Linux!!!
id
uid=0(root) gid=0(root)

uname -a
Linux ess4.esecuresite4.com 2.4.18-27.7.x #1 Fri Mar 14 06:44:53 EST 2003 i686 unknown


O mundo é um lugar perigoso de se viver,
não por causa daqueles que fazem o mal,
mas sim por causa daqueles que observam e deixam o mal acontecer.
(Albert Einstein)


r00t_System - AFROM4N - Spofs - kieger - MC_KiNNeY - SmartBoy_


GreetZ pro channel ==> @Mushroom @c1b3r_fus1on @xHide @V4mu !AFROM4N +keyz %Fun3r4L +RS +k !kieger %openssh %onoteacx <== ;* &;


Contact - [email protected]

at IRC Join #RSy on Tornado.Phey.Net or Portugal.Phey.Net

www.cdmirror.org - www.delta5.com.br - www.zone-h.org

 

[jmstacey]

Yes. Searching google for "r00t_System owns your Linux!!!" brings Quite a few other "references"

 

[plugin]

I think a hacker has taken over my index page. Noboby can see my webpages, and my Index page within File Manager has a strange message saying they have taken over our Linux server. There is an email address also. I have pasted the hacker page/message below.

I do have a copy of my Index page, so I tried re-naming the files, swoping the Index page over, but this didn't work.

Can anyone help please?

ves
---------------------
r00t_System owns your Linux!!!
id
uid=0(root) gid=0(root)

uname -a
Linux ess4.esecuresite4.com 2.4.18-27.7.x #1 Fri Mar 14 06:44:53 EST 2003 i686 unknown


O mundo é um lugar perigoso de se viver,
não por causa daqueles que fazem o mal,
mas sim por causa daqueles que observam e deixam o mal acontecer.
(Albert Einstein)


r00t_System - AFROM4N - Spofs - kieger - MC_KiNNeY - SmartBoy_


GreetZ pro channel ==> @Mushroom @c1b3r_fus1on @xHide @V4mu !AFROM4N +keyz %Fun3r4L +RS +k !kieger %openssh %onoteacx <== ;* &;


Contact - [email protected]

at IRC Join #RSy on Tornado.Phey.Net or Portugal.Phey.Net

www.cdmirror.org - www.delta5.com.br - www.zone-h.org

I hope you now understand why you have to do security updates. There not made for just laying around, they are made for doing updates with. If this was a real hacker he didnt leave your system behind with his contact details on it. It is a scriptkiddie using some 0day exploit. Just patch up your whole system, and download a rootkit checker from google and remove what he has installed!

 

[ves]

Okay okay - don't get nasty with me - I'm new to all of this, I have printed out (and read!) all of the site helper instructions - but nowhere does it mention security updates. I thought that side of things must be covered by your end.

I'm not psychic - I don't know if I have to do security updates unless I'm informed of the fact. And if so, HOW?

The only thing mentioned in the Helper Guide is to make a site backup, which I did.

Now your brief instruction on how to fix matters may seen blindingly obvious to you, but I haven't a clue what it means.

But obviously, that isn't your problem.

 

[dannygoh]

uname -a
Linux ess4.esecuresite4.com 2.4.18-27.7.x #1 Fri Mar 14 06:44:53 EST 2003 i686 unknown

you must have admin right to patch the system. if you are reseller or user running DA, ask your web host to do it.

 

[ves]

Thanks Guys,
I'll get directly in touch with HostLogical who host my site, and see what they can do for me.
I thought this forum led to them - got that wrong too!! :-(
I see what you're getting at - and I must say it is definately beyond my capabilities, Hostlogical will have to sort it for me.

Again, thanks for your time and kind assistance.
Best regards,
Val

 

[nobaloney]

If Hostlogical hosts your site, then it's their server that was hacked, and they have to fix it.

Jeff