Weird Perl problem solved

Dan Lester dan at 84.com
Fri Jan 14 17:22:50 EST 2000


Well, as I was beginning to suspect when I posted to these lists, the 
problem wasn't with Perl or our script.

telnet.pm could telnet to other U**x boxes, from various machines.  We 
finally isolated it to not being able to telnet to the particular Sun 
Solaris 2.5.1 computer it needed to connect to.  At long last we realized 
that the answer was simple:  we'd been hacked.  The telnetd had been 
replaced with a different version within the two hour block when we knew 
something went wrong.  The replacement version is about one third larger, 
and we hope that those who know enough about it can figure out if it was 
trapping and transmitting login info or something else.  This may take a 
while, of course.  Meanwhile, all passwords are being changed.  We're also 
looking for other artifacts of the intrusion.

If any of you want to discuss it further off list, have suggestions on 
security, etc, etc, I'd love to hear them.

And most of all, I want to thank all of you who replied personally to me 
with a variety of useful suggestions that turned out to not be the answer, 
but helped us finally focus on what the problem was (and perhaps still is).

I guess this is our Y2K adventure....even though it started on 12/22/99.

cheers

dan

--
Good, Fast, and Cheap: Which two of the three would you like?
Dan Lester, 3577 East Pecan, Boise, ID 83716 USA 208-383-0165
dan at 84.com   http://www.84.com/  http://www.postcard.org/


