Date: Mon, 6 May 2002 22:24:37 -0700
From: "Crist J. Clark" <cjc@FreeBSD.ORG>
To: Sam Drinkard <sam@wa4phy.net>
Cc: security@FreeBSD.ORG
Subject: Re: Woot project
Message-ID: <20020506222437.F89339@blossom.cjclark.org>
In-Reply-To: <3CD72712.37CB5750@vortex.wa4phy.net>; from sam@wa4phy.net on Mon, May 06, 2002 at 09:00:02PM -0400
References: <3CD72712.37CB5750@vortex.wa4phy.net>

On Mon, May 06, 2002 at 09:00:02PM -0400, Sam Drinkard wrote:
> Hello list,
>
> I just discovered I have been hacked on my main webpage from
> apparently the Woot project kiddies. I assume, right after the attack,
> I received an email from some outfit called alldas.org. My problem is
> this. According to what I have read about the woot project, access is
> gained by portscanning for the presence of SSH-1. I don't have SSH-1 or
> 2 active at the moment, so I'm wondering how access was gained. Have
> searched all the log files for unusual activity, and nothing is apparent
> so far. The message left at the bottom of my main page was:
>
> FreeBSD vortex.wa4phy.net 4.5-STABLE sexcii... - [sYn] of woot-project
>
> Aside from the SSH-1 vulnerabilities, are there any other known
> entry points associated with this cracker group?

CGI bugs.
--
Crist J. Clark | cjclark@alum.mit.edu
               | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org