From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Mon, 20 Aug 2007 00:45:54 +0400 From: Pavlov Konstantin To: smoke-room@lists.altlinux.org Message-ID: <20070819204554.GA29333@cryo.net.ru> References: <20070816180100.GG24364@osdn.org.ua> <87odh6o6a6.fsf@asia.home.dd> <20070819064502.GA25833@mw.local.seiros.ru> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="DocE+STaALJfprDB" Content-Disposition: inline In-Reply-To: <20070819064502.GA25833@mw.local.seiros.ru> X-Operating-System: ALT Linux 4.0 Server (Walnut) User-Agent: Mutt/1.5.14 (2007-02-12) Subject: Re: [room] Ubuntu servers hijacked, used to launch attack X-BeenThere: smoke-room@lists.altlinux.org X-Mailman-Version: 2.1.9rc1 Precedence: list Reply-To: =?koi8-r?b?y9XM2NTV0s7ZyiDPxtTP0MnL?= List-Id: =?koi8-r?b?y9XM2NTV0s7ZyiDPxtTP0MnL?= List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 Aug 2007 20:46:53 -0000 Archived-At: List-Archive: --DocE+STaALJfprDB Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Aug 19, 2007 at 10:45:02AM +0400, =E4=C5=CE=C9=D3 =F3=CD=C9=D2=CE= =CF=D7 wrote: > On Fri, Aug 17, 2007 at 01:32:33PM +0400, Dmitry Derjavin wrote: >=20 > DD> =E5=D3=CC=C9 =D5=D6 =D0=D2=C5=C4=CC=C1=C7=C1=C5=D4=C5 =D3=C4=C5=CC=C1= =D4=D8 =D4=C1=CB=CF=CA =D7=D9=D7=CF=C4 =C9=DA =DC=D4=CF=CA =C9=D3=D4=CF=D2= =C9=C9, > DD> =D0=D2=CF=CB=CF=CD=CD=C5=CE=D4=C9=D2=D5=CA=D4=C5, =D0=CF=D6=C1=CC=D5= =CA=D3=D4=C1, =CB=C1=CB=C9=CD =CF=C2=D2=C1=DA=CF=CD =C9=DA =C9=CE=C3=C9=C4= =C5=CE=D4=C1 =D3 > DD> =CE=C5=D3=CF=D3=D4=CF=D1=D4=C5=CC=D8=CE=D9=CD=C9 =C1=C4=CD=C9=CE=C1= =CD=C9 =D3=CC=C5=C4=D5=C5=D4 =D7=D9=D7=CF=C4 =CF =CE=C5=D0=D2=C9=C7=CF=C4= =CE=CF=D3=D4=C9 Ubuntu =D7 > DD> =CB=C1=DE=C5=D3=D4=D7=C5 =D3=C5=D2=D7=C5=D2=CE=CF=CA =D0=CC=C1=D4=C6= =CF=D2=CD=D9. =E8=CF=D4=D1 =C2=D9 =C9 =D0=CF =D3=D2=C1=D7=CE=C5=CE=C9=C0 = =D3 ALT. >=20 > =E5=D3=CC=C9 =D7=DA=D1=D4=D8 =D3=C5=C7=CF=C4=CE=D1=DB=CE=C9=CA =D3=C5=D2= =D7=C5=D2 =C9 =CF=D3=D4=C1=D7=C9=D4=D8 =CE=C1 =C7=CF=C4 =C2=C5=DA =CF=C2=CE= =CF=D7=CC=C5=CE=C9=CA, =C9 =D4=CF =D6=C5 > =D3=C1=CD=CF=C5 =D3=C4=C5=CC=C1=D4=D8 =D3 =D5=C2=D5=CE=D4=CF=CA =CB=C1=CB= =CF=CA -- =D5 =CD=C5=CE=D1 =C2=D5=C4=D5=D4 =D3=CF=CD=CE=C5=CE=C9=D1 =DE=D4= =CF =DE=C5=D2=C5=DA =C7=CF=C4 =CE=C1=DB > =C2=D5=C4=C5=D4 =CC=C5=C7=CB=CF =D7=DA=CC=CF=CD=C1=D4=D8. =F7 =D4=CF=CD = =D6=C5 =DE=D4=CF =D4=C1=CB=CF=C5 =CD=CF=D6=CE=CF =C2=D5=C4=C5=D4 =D0=D2=CF= =C4=C5=CC=C1=D4=D8 =D3 =D5=C2=D5=CE=D4=D5 =D5 > =CD=C5=CE=D1 =D3=CF=CD=CE=C5=CE=C9=CA =CE=C5=D4. >=20 > =F3=CC=C9=DB=CB=CF=CD =CD=CE=CF=C7=CF =D5=D3=C9=CC=C9=CA =CB =CE=C1=DB=C5= =CD=D5 =D3=C5=D2=D7=C5=D2=D5 =D0=D2=C9=CB=CC=C1=C4=D9=D7=C1=C5=D4=D3=D1, = =DE=D4=CF=C2=D9 =CF=C2=C5=D3=D0=C5=DE=C9=D4=D8 > =D4=C1=CB=C9 security. =F3 =C4=D2=D5=C7=CF=CA =D3=D4=CF=D2=CF=CE=D9, =D0=C1=D2=D5 =D2=C1=DA =CD=D9= =D5=D6=C5 =DE=C5=D3=C1=CC=C9 =CB=CF=CC=C5=CE=CB=C9 =CE=C1 =D4=C5=CD=D5 "= =CB=C1=CB =C2=D9 =D0=D2=CF=C2=C9=D4=D8=D3=D1 =CE=C1 =D3=C5=D2=D7=C5=D2 =D3 =CF=D4=D3=D4=D2=C5=CC=C5=CE=CE=D9=CD oom-=CB= =C9=CC=CC=C5=D2=CF=CD sshd" :) --=20 > ps afux | grep | grep -v grep | awk '{print $1;}' | uniq =EF=D0=D1=D4=D8 races. =20 =E5=D3=D4=D8 =D4=D5=D4 =CF=C4=C9=CE =D3=D0=CF=D3=CF=C2 =CB=C1=CB-=D4=CF =D3= =DC=D4=C9=CD =C2=CF=D2=CF=D4=D8=D3=D1, kill -1 -9 =CE=C1=DA=D9=D7=C1=C5=D4= =D3=D1. -- ldv in devel@ --DocE+STaALJfprDB Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGyKwCR0cP4/qrkIQRAqx1AKCeBw+xlHW/d8f+x75leGQp4J3DRgCeMBEw OILnQXjrsdp0L42TZXQh7OI= =xVqT -----END PGP SIGNATURE----- --DocE+STaALJfprDB--