So far we know he is somehow gaining root access through mysql to servers that he targets which run nats. Nats is not the insecure item; it's mysql, I believe. I'm going through the C sources tomorrow and I'll let you know what the proggie is actually doing.
One thing you always need to make sure of is that any sniffers they installed are killed or made useless.
I found where his sniffer was creating a lock file, and I made my own file there that was not readable or writable with chattr, and that caused his sniffer to segfault, thus disclosing its location (the error message disclosed the path to the program).