Investigating a Linux zombie

This blog post details a guy’s ad hoc investigation of a Linux server that was compromised and turned into a zombie. Basically, the “hacker” came in, installed a rootkit, an SSH backdoor, and an IRC bot for command and control. The post gives all the steps that the “investigator” goes through, and provides a lot of detail and screen captures.

I find it somewhat entertaining, since it’s almost exactly what I went through investigating a very similar situation several (probably nine) years ago, on my friend’s server. I actually ended up talking to the attacker in his IRC channel, and he was nice enough to tell me how he broke in. Those were the good old days…
