To whoever hacked into my Database

Ferrous Cranus nikos.gr33k at gmail.com
Thu Nov 14 11:46:29 CET 2013


Στις 13/11/2013 11:46 μμ, ο/η Ferrous Cranus έγραψε:
> root at secure:~/lib64# ls -al | grep libkey
>
> lrwxrwxrwx 1 root root 20 Jun 22 2012 libkeyutils.so.1 ->
> libkeyutils.so.1.3.0*
> -rwxr-xr-x 1 root root 10192 Jun 22 2012 libkeyutils.so.1.3*
> -rwxr-xr-x 1 root root 32920 Jun 22 2012 libkeyutils.so.1.3.0*
>
> root at secure:~/lib64# rpm -qf libkeyutils.so.1.3.0
> file /lib64/libkeyutils.so.1.3.0 is not owned by any package
>
> ================================
>
> It appears that my server has been compromised with a malicious payload
> designed to sniff for and steal server passwords.
>
> This must have happened when i was handling my root passwords out in the
> open.
>
> Served me well.



Can somebody explain to me why there is so many failed attempts to login 
into my linux server under various user accounts?

http://i.imgur.com/5PaZAWu.png

I mean is this some normal background radiation of the Internet or is 
something directed to me?

Does this happen on your servers at this extend too?



More information about the Python-list mailing list