[Dshield] team amber alert server compromised
marshm at anycast.net
Sat Aug 19 22:51:33 GMT 2006
First, there are *plenty* of good open source tools for keeping any Linux
Second, please contact me directly to outline a path to preserving your
existing HD for forensic evidence.
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Family Beistle
Sent: Saturday, August 19, 2006 3:04 PM
To: list at lists.dshield.org
Subject: [Dshield] team amber alert server compromised
Team Amber Alert is a non-profit public charity ... My Linux server was
taken over ... I am in need of advice how to preserve the HD image to
download it for forensic review prior to reload ... Ev1 was not very
informative as they did not want to give advice to incur liability ... I am
in hopes someone could donate time to help track down these hacks and
scripters ... For now I am in damage control to determine level and swift
measure to follow to restore secure services once again for now I am
preparing to slave the HD and place new restore on the virgin HD ... What
to do with the poisoned HD and how to preserve the evidence to have if I can
bring them to justice ... for now I am dealing with the exposed server and
the lack of reasonable open source tools for Linux Servers to remain secure
... thanks for Dshield and all who comment ... This is a notice that any who
were attacked by our ip please advise and preserve copies of the material
etc please let me know ... at this point I have no clue the type of
compromise but that a tmp folder was opened and operating code ... had had
disabled that so I believe the whole server must be compromised passwords
and all ... I will be offline shortly to stop further attacks while I clean
806 853 9400
red hat linux server at EV1