Server hacked?

NoOp glgxg at sbcglobal.net
Tue Jan 1 22:48:47 UTC 2008


On 01/01/2008 02:00 PM, Joris Dobbelsteen wrote:

> 
> The box has PostFix, PowerDNS, Apache2 and SSH exposed to the Internet.
> Unfortunately it's connected to the single LAN segment I have at home.
> Fortunately I have a strict firewall that doesn't allow IRC out (I don't
> use it, so I do not need to allow it).
> 
[snips]
> tcp        0      1 192.168.10.xx:60278     216.152.66.47:6667      SYN_SENT   15412/[kjournald]
> [trusted entries removed]
> 
> 

You have been hacked. There are a variety of trojans (Linux related) that
use port 6667:

http://www.cert.org/advisories/CA-2002-24.html
<http://www.google.com/search?hl=en&q=Linux+trojan+%2B6667&btnG=Search>
<http://www.symantec.com/security_response/writeup.jsp?docid=2006-021417-0144-99&tabid=2>
<http://www.doshelp.com/Ports/6667.htm>

Is the system fully updated with all the recent Ubuntu patches/updates?
If so, you may want to contact the Ubuntu security team to let them know
and have them take a look.
https://launchpad.net/~ubuntu-security
https://bugs.launchpad.net/~ubuntu-security/
https://bugs.launchpad.net/debian/+source/ircii-pana/+bug/129771
[remote IRC servers can execute arbitrary commands]
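
Added example, not part of the original post: a triage script for `netstat -tanp` output that flags rows like the one quoted above. The sample rows are constructed, and the IRC port set and the rule that a bracketed (kernel-thread style) program name owning a TCP socket is suspicious are heuristics assumed here.

```python
import re

# Constructed sample in `netstat -tanp` layout. The second row mirrors the
# entry quoted in the post; the other rows are invented for contrast.
SAMPLE = """\
tcp        0      0 192.168.10.5:22         192.168.10.20:51514     ESTABLISHED 2101/sshd
tcp        0      1 192.168.10.5:60278      216.152.66.47:6667      SYN_SENT    15412/[kjournald]
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1893/apache2
tcp        0      0 192.168.10.5:25         203.0.113.9:40112       ESTABLISHED 1770/master
"""

# Assumption: conventional IRC ports (6667 is the one seen in the post).
IRC_PORTS = set(range(6660, 6670)) | {6697}

ROW = re.compile(
    r"^tcp6?\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+"
    r"(?P<state>[A-Z_0-9]+)\s+(?P<owner>\S.*)$"
)

def port_of(endpoint):
    """Return the numeric port of an addr:port field, or None for '*'."""
    port = endpoint.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def triage(netstat_text):
    """Return one finding per non-listening row that trips a heuristic."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line.strip())
        if not m or m["state"] == "LISTEN":
            continue
        pid, _, name = m["owner"].strip().partition("/")
        reasons = []
        if port_of(m["remote"]) in IRC_PORTS:
            reasons.append("outbound-irc-port")
        # Real kernel threads such as kjournald do not dial remote hosts; a
        # bracketed name here points to a userland process hiding its name.
        if name.startswith("[") and name.endswith("]"):
            reasons.append("kernel-thread-name-on-socket")
        # SYN_SENT with no reply fits an egress firewall dropping the attempt.
        if reasons and m["state"] == "SYN_SENT":
            reasons.append("unanswered-syn")
        if reasons:
            findings.append({"pid": pid, "name": name,
                             "remote": m["remote"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["pid"], f["name"], f["remote"], ",".join(f["reasons"]))
```

On a live host, `ls -l /proc/<pid>/exe` for a flagged PID shows the binary actually running behind the displayed name.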

More information about the ubuntu-users mailing list