Tuesday, June 20, 2006

hacked

nice.

serversniff has a bunch of security-holes, and we are watching closely what people are doing here - and really, someone noticed that it was quite easy to get a glimpse of the mysql-log-database.

the evil hacker might have been a scriptkid, for he obviously got access to the mysql-db and used an unknown (at least to major search-engines) mysql-exploit-script, trying to create files on the system. the mysql-db died on the way to his goal.

the attacker created (and then deleted or emptied) several tables in the db mysql:

"SNOWHILL"
"db" - nice - contains all passwords from table "user" in cleartext!
"dat" - used to execute commands on the host
"fm" - contains php-code to upload files and execute commands
"local" - slightly different from "dat"
"sploitdb" - slightly different from "dat"
"wip3r" - slightly different from "dat"

It seems that the guy used at least 4 slightly different exploits targeting the same problem.

Better luck next time.

tom