  1. #1021
    Join Date
    Oct 2010
    Location
    My world u just live here
    Posts
    1,256
    Quote Originally Posted by Steven View Post
    There was someone who mentioned it.
    I noticed it by a few 1 post wonders....

    .... Was wondering if anyone else could confirm it though.

    I set up a Debian VPS yesterday with no security (none) and it's still ticking away.

    I would not be all too surprised if Debian was in fact not compromised... And maybe someone wants people to think no place is safe.


  2. #1022
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,249
    Quote Originally Posted by TheVisitors View Post
    I noticed it by a few 1 post wonders....

    .... Was wondering if anyone else could confirm it though.

    I set up a Debian VPS yesterday with no security (none) and it's still ticking away.

    I would not be all too surprised if Debian was in fact not compromised... And maybe someone wants people to think no place is safe.
    The same could be said for many CentOS servers, there are lots of people with zero infections.
    Steven Ciaburri | Proactive Linux Server Management - Rack911.com
    System Administration Extraordinaire | Follow us on twitter:@Rack911Labs
    Managed Servers (AS62710), Server Management, and Security Auditing.
    www.HostingSecList.com - Security notices for the hosting community.

  3. #1023
    Join Date
    Jul 2004
    Location
    London, UK
    Posts
    171
    Quote Originally Posted by egillette View Post
    Ironically, I've received multiple messages from various users who have thanked me for creating the script, incorporating some of the suggestions of others, and for maintaining the script up to this point, despite the negativity and unhelpful attitudes of some.
    Yeah because these people don't know that their boxes are still rooted.

    Quote Originally Posted by egillette View Post
    it's probably better to just keep them to yourself, rather than cluttering the thread with more of your opinions.
    Yup, much better. Well, more hilarious to have people running around wondering why they keep getting rooted when they're running a sooper-dooper cleanup script anyways.

  4. #1024
    Join Date
    Oct 2010
    Location
    My world u just live here
    Posts
    1,256
    Quote Originally Posted by Steven View Post
    The same could be said for many CentOS servers, there are lots of people with zero infections.
    True, but people who were infected got re-infected. I installed Debian on the same VPS, on the same IP address, port 22, with no security, and the password for root was password.

    I made it so easy that I'm surprised some random bot had not just taken hold... And yet no re-infection so far 24 hours later.

    So can anyone with maybe a little more credibility (not just 1 post wonders), come forward and tell us if Debian is also a problem or not?


  5. #1025
    Join Date
    Aug 2006
    Location
    Ashburn VA, San Diego CA
    Posts
    4,469
    Based on the recent findings as well as evidence in this thread...

    If it's a Linux server and connected to the internet, it's vulnerable.


    Stop asking if such and such distro is safe or not. Scan your PCs and monitor your network for malicious UDP payload, or hire someone qualified to do it for you.
    Fast Serv Networks, LLC | AS29889 | Fully Managed Cloud, Streaming, Dedicated Servers, Colo by-the-U
    Ashburn VA + San Diego CA Datacenters

  6. #1026
    Join Date
    Oct 2010
    Location
    My world u just live here
    Posts
    1,256
    Quote Originally Posted by FastServ View Post
    Based on the recent findings as well as evidence in this thread:

    If it's a Linux server and connected to the internet, it's vulnerable.


    Stop asking if such and such distro is safe or not.
    ^ That argument can be applied to anything connected to the Internet. Because nothing is 100% guaranteed hack / crack proof. If there is a will there is always a way.

    My question is not toward "can" something be hacked / cracked.... That would be an illogical argument because the answer is yes. Everything can be.

    My question was at this time does this single issue currently affect Debian? My findings so far would suggest at least for the moment, no. But I would like to know if anyone else (one of WHT's more experienced and well-known users) could confirm or deny if this single issue at this moment affects Debian.

    I believe it is valid (even if you do not).


  7. #1027
    Join Date
    Feb 2013
    Posts
    97
    Quote Originally Posted by FastServ View Post
    ...

    If it's a Linux server and connected to the internet, it's vulnerable.


    ...
    If I may... I don't IMHO think that's entirely true, you are drawing a distinction that is not yet qualified. There is evidence within this thread that a root-kit on an office PC is the root of the issue (a key-logger). The targeting of Linux boxes with the data captured from such a key-logger is not proof that Linux is vulnerable, but a choice of the hacker, surely?

  8. #1028
    Join Date
    Aug 2006
    Location
    Ashburn VA, San Diego CA
    Posts
    4,469
    Quote Originally Posted by matbz View Post
    If I may... I don't IMHO think that's entirely true, you are drawing a distinction that is not yet qualified. There is evidence within this thread that a root-kit on an office PC is the root of the issue (a key-logger). The targeting of Linux boxes with the data captured from such a key-logger is not proof that Linux is vulnerable, but a choice of the hacker, surely?
    I should have omitted the Linux part -- it was said in context of the post I was replying to -- e.g. this distro is immune, this is not (in fact, Windows logins, ISP login details, or even bank details could also be at risk).
    Fast Serv Networks, LLC | AS29889 | Fully Managed Cloud, Streaming, Dedicated Servers, Colo by-the-U
    Ashburn VA + San Diego CA Datacenters

  9. #1029
    Join Date
    Apr 2011
    Posts
    223
    Ramnet, thanks for posting this!

    Quote Originally Posted by ramnet View Post
    I am as well.
    nenolod and Steven actually have a copy of the rootkit keylogger that has caused this. It affects workstations and sends out keystrokes in DNS packets out port 53.

    He used this infected workstation system to log in to a honeypot and a few hours later that honeypot was hit.

    IPs all match the suspect IPs here.
    If you have a server affected by this, your workstation has been compromised.
    Steven & Nenelod - thanks for all the hard work you've put into investigating this!

    May I ask whether either of you have tested which antivirus/malware scanner is able to detect this keylogger?

    That will be very helpful for all those managing servers to advise their clients to do a thorough scan of their PCs/laptops with scanners that can actually detect this rogue keylogger.
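
An added example, not part of any post in this thread: a minimal heuristic for the network monitoring suggested earlier, aimed at the behaviour described above (keystrokes leaving a workstation in DNS packets on port 53). The thread does not say how the keylogger encodes its data, so the pattern looked for (many distinct long, high-entropy leftmost labels under one parent domain), the log format, the thresholds and every name below are assumptions, and the log lines are constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, "<client_ip> <queried_name>" per line (assumed format).
SAMPLE_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 autodiscover-internal.example.com
10.0.0.7 mail.example.net
10.0.0.7 a3f91c07b2e84d65.k.zone-b.test
10.0.0.7 5d2e9b0c7a41f836.k.zone-b.test
10.0.0.7 c81f3a6e94b7025d.k.zone-b.test
10.0.0.7 07e4b9d1a5c2f683.k.zone-b.test
10.0.0.7 07e4b9d1a5c2f683.k.zone-b.test
"""

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def parent_domain(qname, keep=2):
    """Last `keep` labels; a real deployment would use the public suffix list."""
    return ".".join(qname.rstrip(".").lower().split(".")[-keep:])

def suspicious_clients(log_text, min_unique=4, min_len=12, min_entropy=3.0):
    """Map (client, parent domain) -> number of distinct long, high-entropy
    leftmost labels, for pairs that reach min_unique (thresholds are assumptions)."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        client, qname = parts
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue  # no subdomain label that could carry data
        label = labels[0]
        # Length is checked first, so entropy() never sees an empty string.
        if len(label) >= min_len and entropy(label) >= min_entropy:
            seen[(client, parent_domain(qname))].add(label)
    return {k: len(v) for k, v in seen.items() if len(v) >= min_unique}

if __name__ == "__main__":
    for (client, domain), n in suspicious_clients(SAMPLE_LOG).items():
        print(f"{client}: {n} distinct encoded-looking labels under {domain}")
```

The single long benign label in the sample passes the per-label test but is not flagged, because a client has to send several distinct ones to the same parent domain; repeated queries for the same name count once.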

  10. #1030
    Join Date
    Feb 2013
    Posts
    97
    Quote Originally Posted by FastServ View Post
    I should have omitted the Linux part -- it was said in context of the post I was replying to -- e.g. this distro is immune, this is not (in fact, Windows logins, ISP login details, or even bank details could also be at risk).
    Indeed, the only really safe place from anything is in your room with everything switched off, but even that is relative.

  11. #1031
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,249
    Quote Originally Posted by vpswing View Post
    Ramnet, thanks for posting this!



    Steven & Nenelod - thanks for all the hard work you've put into investigating this!

    May I ask whether either of you have tested which antivirus/malware scanner is able to detect this keylogger?

    That will be very helpful for all those managing servers to advise their clients to do a thorough scan of their PCs/laptops with scanners that can actually detect this rogue keylogger.

    I don't actually have access to it yet. However nenolod has shared that Malwarebytes picked it up.
    Steven Ciaburri | Proactive Linux Server Management - Rack911.com
    System Administration Extraordinaire | Follow us on twitter:@Rack911Labs
    Managed Servers (AS62710), Server Management, and Security Auditing.
    www.HostingSecList.com - Security notices for the hosting community.

  12. #1032
    Join Date
    Dec 2009
    Posts
    138
    I have several antivirus installed (on different machines); all are up to date. If someone sends me the malware I can scan it for you.

  13. #1033
    Join Date
    Nov 2010
    Location
    Saskatchewan yep Canada
    Posts
    35

    scanners ran

    I'm currently doing a third scan on the same box.
    This is the only box I could have been infected on in my opinion.

    I found nothing with
    Spybot
    nothing with MS Malware scanner
    now running Malwarebytes

    Will advise as soon as it finishes.
    Only thing I have confirmed thus far is I do have over 3 million files on my box

    Quote Originally Posted by vpswing View Post
    Ramnet, thanks for posting this!



    Steven & Nenelod - thanks for all the hard work you've put into investigating this!

    May I ask whether either of you have tested which antivirus/malware scanner is able to detect this keylogger?

    That will be very helpful for all those managing servers to advise their clients to do a thorough scan of their PCs/laptops with scanners that can actually detect this rogue keylogger.

  14. #1034
    Join Date
    Feb 2013
    Posts
    97
    Quote Originally Posted by bdx33 View Post
    I have several antivirus installed (on different machines); all are up to date. If someone sends me the malware I can scan it for you.
    It's been previously stated that 'Malwarebytes Anti-Malware' picked it up. If you have an infected box that you have accessed from the scanned PC, could you please post the scan output from that PC here so the community can see it? If you have any malware found results of course.
    Last edited by matbz; 02-20-2013 at 11:02 PM. Reason: appended "If you have any malware found results of course."

  15. #1035
    Join Date
    Apr 2011
    Posts
    223
    Quote Originally Posted by Steven View Post
    I don't actually have access to it yet. However nenolod has shared that Malwarebytes picked it up.
    Thanks Steven!

    Quote Originally Posted by ThreadHo View Post
    I'm currently doing a third scan on the same box.
    This is the only box I could have been infected on in my opinion.

    I found nothing with
    Spybot
    nothing with MS Malware scanner
    now running Malwarebytes

    Will advise as soon as it finishes.
    Only thing I have confirmed thus far is I do have over 3 million files on my box
    Thanks ThreadHo!
