tecnolive

Compromised server (libkeyutils.1.9)


I'll say it now for just the third time; then listen if you want, otherwise no hard feelings.

IT'S A KEYLOGGER ON THE PC OF WHOEVER CONNECTS, apparently. Some also speculate about a Java bug, but nobody knows. Password length doesn't matter and any sudo commands don't matter, because IT LOGS EVERYTHING.

Clear? The only option is to use a key.


OK GrG, I can agree with you... BUT!!!

1) When someone logs in over ssh, a notification email is sent, and no login notification arrived...

2) ssh access is allowed only from our IP

How do you explain that?


Maybe we've found the catch... I can't believe it!!!

 

Hello,

 

Everything that we know about this payload and identifying it can be found here:

 

Determine Your System's Status

 

As mentioned on that page, it is plausible that this compromise is related to a recent security issue cPanel, Inc. has experienced recently.

 

On February 21 we discovered that one of the proxy servers we utilize in the technical support department had been compromised. The cPanel Security Team’s investigation into this matter is ongoing.

 

The full explanation of what we know at this point as well as what actions we've taken (and plan to take) are listed in the below announcement:

 

cPanel, Inc. Announces Additional Internal Security Enhancements | cPanel, Inc.

 

As far as your server, a proper OS Reload and restore (as per any other root-level compromise) will address this issue and allow you to resume work as usual with your server.

 

If you would like cPanel staff to perform the server migration for you, please let me know and I can get you started with one of our Migration Specialists. To migrate for you, we will request that you set up a 2nd server with at least a base CentOS/RHEL installation on it that has sufficient server resources to accommodate this server's accounts and usage. From there, we can take over and perform the cPanel install as well as migrate all accounts for you to the new clean server.

 

If you have any further questions regarding this situation, please do let me know.

 

Thank you.


Exactly, the bug appears to be the same one. Basically, instead of taking the password from you they took it from them; the principle is the same.

It's not clear to me why you didn't receive the email, though; the explanation seemed fairly straightforward to me, AND for the others this happened to, something does remain in the logs.

I don't know what to say; it's definitely related.
