Weird Perl problem solved
Dan Lester
dan at 84.com
Fri Jan 14 17:22:50 EST 2000
Well, as I was beginning to suspect when I posted to these lists, the
problem wasn't with Perl or our script.
telnet.pm could telnet to other U**x boxes, from various machines. We
finally isolated it to not being able to telnet to the particular Sun
Solaris 2.5.1 computer it needed to connect to. At long last we realized
that the answer was simple: we'd been hacked. The telnetd had been
replaced with a different version within the two hour block when we knew
something went wrong. The replacement version is about one third larger,
and we hope that those who know enough about it can figure out if it was
trapping and transmitting login info or something else. This may take a
while, of course. Meanwhile, all passwords are being changed. We're also
looking for other artifacts of the intrusion.
If any of you want to discuss it further off list, have suggestions on
security, etc, etc, I'd love to hear them.
And most of all, I want to thank all of you who replied personally to me
with a variety of useful suggestions that turned out to not be the answer,
but helped us finally focus on what the problem was (and perhaps still is).
I guess this is our Y2K adventure....even though it started on 12/22/99.
cheers
dan
--
Good, Fast, and Cheap: Which two of the three would you like?
Dan Lester, 3577 East Pecan, Boise, ID 83716 USA 208-383-0165
dan at 84.com http://www.84.com/ http://www.postcard.org/
More information about the Web4lib
mailing list