To whoever hacked into my Database

Ned Batchelder ned at nedbatchelder.com
Wed Nov 13 22:52:46 CET 2013


On Wednesday, November 13, 2013 4:46:59 PM UTC-5, Ferrous Cranus wrote:
> root at secure:~/lib64# ls -al | grep libkey
> 
> lrwxrwxrwx 1 root root 20 Jun 22 2012 libkeyutils.so.1 -> 
> libkeyutils.so.1.3.0*
> -rwxr-xr-x 1 root root 10192 Jun 22 2012 libkeyutils.so.1.3*
> -rwxr-xr-x 1 root root 32920 Jun 22 2012 libkeyutils.so.1.3.0*
> 
> root at secure:~/lib64# rpm -qf libkeyutils.so.1.3.0
> file /lib64/libkeyutils.so.1.3.0 is not owned by any package
> 
> ================================
> 
> It appears that my server has been compromised with a malicious payload 
> designed to sniff for and steal server passwords.
> 
> This must have happened when i was handling my root passwords out in the 
> open.
> 
> Served me well.

This has nothing to do with the topic of this mailing list.  Please don't post it here.

--Ned.



More information about the Python-list mailing list