Re: lug-bg: remote connect (fwd)
- Subject: Re: lug-bg: remote connect (fwd)
- From: firedust@xxxxxxx (Stanislav Lechev)
- Date: Thu, 26 Apr 2001 12:33:15 +0300
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
opitaj slednoto powecheto trojani podmenqt /bin/ls
za da krie files...
movesh da naprawish slednoto
cp /home/ftp/bin/ls /bin/
towa obiknowenno ne e trojannato
led towa proweri w /usr/bin, /usr/lib
i tnt dali nqma nqkoq dir ot sorta na ".(space)"
ili "(space)."
obichainite uv "skriti dirs"
no pyrwo wiv e /dev/...
da stranni files koito da ne sa char ili block devices...
a naj obiknowenni text files... w koito obiknowenno e napisano koi
portowe da se skriqt ... koi files i tnt
On Thursday 26 April 2001 11:53, you wrote:
> Tia mashinata si e moia i az sym toia deto e slagal OpenSSH.
> A v hosts.allow sym si addnal subneta ot koito moga da vlizam i do sega
> vinagi si e bilo OK.
> A tova za troiana ne znam kak da proveria. Do sega ne mi se e nalagalo.
>
> Niakyv syvet ?
>
> mano
>
> On Thu, 26 Apr 2001, Stanislav Lechev wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> > ami ti proweri li da ne si si delnal user-a root ?
> > (glupaw wypros)...
> >
> > ta proweri li da ne sa te trojanizirali ?
> > shtoto e normalno da sreshtash takiwa anomalii ako sa te troqnizirali...
> > posle ti siguren li si che na otsreshtnata mashina /etc/hosts.allow te
> > puska shtoto slack 7.1 e s OpenSSH ako ne se lyva
> > a toj gleda /etc/hosts.allow
> >
> > proweri i shella na user root w /etc/passwd
> > wiv dali imash i root:...... w /etc/shadow
> >
> > On Wednesday 25 April 2001 20:09, you wrote:
> > > ---------- Forwarded message ----------
> > > Date: Wed, 25 Apr 2001 20:06:15 +0300 (EEST)
> > > From: Marian Popov <mano@xxxxxxxxxxxxxxxxxx>
> > > To: lug-bg@xxxxxxxxxxxxxxxxxx
> > > Subject: lug-bg: remote connect
> > >
> > > Zdraveite.
> > >
> > > Izvednyj neshto stana s telneta i ssh-a mi.
> > > Sega ne moga da se connectna ot nikyde po nikakyv nachin.
> > >
> > > Eto greshkata koiato mi dava.
> > >
> > > Trying 127.0.0.1...
> > > Connected to localhost.
> > > Escape character is '^]'.
> > > Connection closed by foreign host.
> > >
> > > Tova e s telnet.
> > > Proverih v /etc/hosts.allow i hosts.deny ama sichko si e nared.
> > > Proverih i /etc/login.access i tam sichko e nared.
> > >
> > > S ssh:
> > >
> > > root@gateway:~# ssh -l mano localhost
> > > mano@localhost's password:
> > > Permission denied, please try again.
> > > mano@localhost's password:
> > >
> > >
> > > Tova se povtaria dokyto ne me izrita kato kuche
> > >
> > > Iskam oshte da vi kaja che vidiah stranni messages
> > >
> > > Apr 25 19:55:40 gateway inetd[27629]: getpwnam: root: No such user
> > > Apr 25 19:55:40 gateway inetd[75]: pid 27629: exit status 1
> > > Apr 25 19:55:56 gateway inetd[27630]: getpwnam: root: No such user
> > > Apr 25 19:55:56 gateway inetd[75]: pid 27630: exit status 1
> > > Apr 25 19:56:18 gateway inetd[27633]: getpwnam: root: No such user
> > > Apr 25 19:56:18 gateway inetd[75]: pid 27633: exit status 1
> > >
> > >
> > > Tova e /var/log/messages
> > >
> > >
> > > Stana i oshte edno chudno neshto.
> > >
> > > Kato se logna kato user anonymous v ftp-to si i ne vijdam nito edna
> > > direktoria. Obache ako se logna s username i password vijdam vsichko.
> > > A ne sym baral absoliutno nisthto.
> > >
> > >
> > > Blagodaria vi predvaritelno.
> > >
> > > Slackware 7.1 e distribuciata.
> > >
> > >
> > >
> > > =======================================================================
> > >==== A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> > > http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara
> > > Zagora
> >
> > - --
> > - -===============================================================-
> > - - Regards, AngelFire -
> > - - Stanislav Lechev <firedust@xxxxxxx> -
> > - - PGP Key: http://firedust.vega.bg/pgp/StanislavLechev.asc -
> > - -===============================================================-
> > Everyone is a genius.
> > It's just that some people are too stupid to realize it.
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.0.4 (GNU/Linux)
> > Comment: For info see http://www.gnupg.org
> >
> > iD8DBQE659pU8RPXBhiMqewRAktHAJ46xBYwggyd6+83Cjfk3rxvBbT4XQCdF31z
> > eBs2Y6gS7Sc2Y86q7Bf0RE0=
> > =bYN+
> > -----END PGP SIGNATURE-----
> > =========================================================================
> >== A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> > http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara
> > Zagora
>
> ===========================================================================
> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
- --
- -===============================================================-
- - Regards, AngelFire -
- - Stanislav Lechev <firedust@xxxxxxx> -
- - PGP Key: http://firedust.vega.bg/pgp/StanislavLechev.asc -
- -===============================================================-
Everyone is a genius.
It's just that some people are too stupid to realize it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE65+tb8RPXBhiMqewRAllVAJ0Zm3fwx7vYhC4q1SgJTMechOtRiwCeI2Gi
wlgIYnZtPS0ZcWSkGEUF4vs=
=z7cD
-----END PGP SIGNATURE-----
===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
|