[plug] hacked server - language interpretation

Ben Jensz plug at jensz.id.au
Fri Dec 2 08:39:45 WST 2005


Its probably a pre-made script, so it was probably just a random script 
kiddie who exploited a well known vulnerable service.  Wiping the box 
and starting from scratch is the only way you'll be sure you've gotten 
rid of them.  Otherwise you won't know for sure whats hiding on the box.


/ Ben


Jon Miller wrote:

>Can someone interpret the following:
> 
>echo "**************** PRIVATE SCANNER ! *****************"
>echo "*** HACK ATTACKS, ILLEGAL ACTIVITY, SCANS, SPAM. ***"
>echo "************ Special pt. Hunter & FLO **************"
>echo "----------------------------------------------------"
>echo "# incep scanarea frate.."
>./pscan2 $1 22
>
>sleep 10
>cat $1.pscan.22 |sort |uniq > mfu.txt
>oopsnr2=`grep -c . mfu.txt`
>echo "# Am gasit $oopsnr2 de servere"
>echo "----------------------------------------"
>echo "# Succes frate !"
>./ssh-scan 100
>rm -rf $1.pscan.22 mfu.txt
>echo "Asta a fost tot :)"
>
>One of our clients servers wa either hacked from the outside or the inside and this is a line I found inside one of the scripts?  
>
>
>_______________________________________________
>PLUG discussion list: plug at plug.org.au
>http://www.plug.org.au/mailman/listinfo/plug
>Committee e-mail: committee at plug.linux.org.au
>  
>




More information about the plug mailing list