Re: Ahhh Hacked!

To: Bill Sica <BSica3@cfcs.stier.org>
From: John Davis <jdavis@epochia.com>
Date: Thu, 31 Dec 1998 11:26:20 -0800 (PST)
cc: "Smaug (E-mail)" <smaug@realms.game.org>
Content-Length: 1184
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <156026A65D38D211991B00A0C9D63FF807DCEC@cfcs.stier.org>

On Thu, 31 Dec 1998, Bill Sica wrote:

> I'm going to be writing a similar message to the Amnuts people, but. Is is
> possible, and how hard is it for someone to make an account though smaug,
> then get access to delete the /var/log files? And does smaug use port 111
> (rpc port binding) for anything. I'm just trying to cover my own butt now,
> cause I really didn't tell anyone that I was going to start a mud up on the
> server... oops. Incedently, I think the hacking was done using something
> called eggdrop?? If anyone cares. Hope this is kinda on topic.
> 

Unless you are running your mud as root, or suid root (in which case you
deserve to be hacked), it can't really do anything bad.  worst case is if
someone was real crafty they could delete the smaug files. No smaug
doesn't use port 111, rpc stands for remote procedure call, the attacker
was trying to run something remotely on that gov't computer.  and finally
eggdrop is an IRC bot if i remember correctly, though i am probably wrong.
i would of course suggest completely reinstalling your OS from scratch.
crackers are pretty tricky about leaving themselves nice little backdoors
laying all over the place.

john

References:
- Ahhh Hacked!
  - From: Bill Sica <BSica3@cfcs.stier.org>

Prev by Date: Re: Guns...I know...I know....
Next by Date: subscribe
Prev by thread: Ahhh Hacked!
Next by thread: Re: Ahhh Hacked!