1998-10-29 - Rootshell.com hacked via SSH

Header Data

From: Lucky Green <shamrock@cypherpunks.to>
To: cypherpunks@cyberpass.net
Message Hash: 1173b717f8714b0be8cb6d79725c9bda4274f89c6c5bc23bf0ece1cad6f99edc
Message ID: <Pine.BSF.3.96.981029015104.8433A-100000@pakastelohi.cypherpunks.to>
Reply To: N/A
UTC Datetime: 1998-10-29 01:38:06 UTC
Raw Date: Thu, 29 Oct 1998 09:38:06 +0800

Raw message

From: Lucky Green <shamrock@cypherpunks.to>
Date: Thu, 29 Oct 1998 09:38:06 +0800
To: cypherpunks@cyberpass.net
Subject: Rootshell.com hacked via SSH
Message-ID: <Pine.BSF.3.96.981029015104.8433A-100000@pakastelohi.cypherpunks.to>
MIME-Version: 1.0
Content-Type: text/plain



Anybody here have any idea how this was done? This one has me rather
concerned...

http://www.rootshell.com/beta/news.html

On Wed Oct 28th at 5:12AM PST the main Rootshell page was defaced by a
group of crackers. Entry to the machine was made via SSH (secure shell)
which is an encrypted interface to the machine at 04:57AM PST this
morning. Rootshell was first informed of this incident at 6:00 AM PST and
the site was immediately brought offline. The site was back up and
operational by 8:00AM PST.

We are still in the process of investigating the exact methods that were
used. The paranoid MAY want to disable ssh 1.2.26. Rootshell runs Linux
2.0.35, ssh 1.2.26, qmail 1.03, Apache 1.3.3 and nothing else. The
attackers used further filesystem corruption to make it harder to remove
the damaged HTML files.



-- Lucky Green <shamrock@cypherpunks.to> PGP v5 encrypted email preferred.




