GoFuckYourself.com - Adult Webmaster Forum - View Single Post

alex79 · 11-04-2006, 01:24 PM

They created a new user in mail group.. and installed a program called john from openwall.com locate at: ftp://dl.openwall.com:21/pvt/3d9a566...x-1.7.2.tar.gz
i detected this becouse my server was slow.. when i checked the proces was around 10 "john" top rocesses runing..

anybody know what is this program john they installed and runed on my server?

i still don't know how they entered on my server.. if they created a new user then they had root access or the user can be created under other user?

i've deleted the new user they created, changed the root and ftp password..what should i do next?

11-04-2006, 01:24 PM
alex79 Confirmed User Join Date: Jun 2002 Location: france Posts: 996	My server was hacked.. :( They created a new user in mail group.. and installed a program called john from openwall.com locate at: ftp://dl.openwall.com:21/pvt/3d9a566...x-1.7.2.tar.gz i detected this becouse my server was slow.. when i checked the proces was around 10 "john" top rocesses runing.. anybody know what is this program john they installed and runed on my server? i still don't know how they entered on my server.. if they created a new user then they had root access or the user can be created under other user? i've deleted the new user they created, changed the root and ftp password..what should i do next? __________________