Full Discussion: Server has been compromised
Special Forums Cybersecurity Server has been compromised Post 302756971 by Neo on Wednesday 16th of January 2013 11:53:11 PM
Old 01-17-2013

Quote:
Originally Posted by franx47
If there are no satisfying answers from people in this forum, I think this will be my last post. I'm tired. I think I'm just asking a simple question, but no one answered my question at all. I wonder if, in this big UNIX forum, no one has ever dealt with an IRC botnet. Huft..

Thanks all.
Great! Then that means I can close this thread since you are not getting the wrong answer you seek in "this big UNIX forum".

For your information, I have had to deal with compromised servers at least (off the top of my head) 20 times in my career, and have many years' experience in security.

You, on the other hand, don't even keep a simple backup of your web server; and then you come here demanding easy answers from experts who have much more experience than you, and then you begin to either insult or bully them when they tell you the right answer.

So, since you are not willing to listen and learn, and are instead going to begin hurling insults at the forum out of frustration, I'm closing this thread because we have already told you what you need to do.

Since you have chosen not to do as we have advised, and are now starting to hurl insults at the forums, this thread is now closed.
NONAMED(8)                System Manager's Manual                NONAMED(8)

NAME
       nonamed - not a name daemon, but acts like one

SYNOPSIS
       nonamed [-d[level]] [-p port] [-n address[/port]]

DESCRIPTION
       Nonamed is not an Internet name daemon. When started it immediately tries to find a real name daemon on the local network. If it finds one then it will relay any DNS queries to that name daemon. If it can't find one then it will do its best to answer simple queries using the /etc/hosts table for name to address translation.

       On startup nonamed broadcasts up to five simple UDP queries on the local network. This is a somewhat nasty thing to do, because it makes all name servers on the net spring into action to answer the request. The first name server to answer is used by nonamed to answer the queries of its clients. The broadcast search is repeated after an hour to give another name server a chance to be abused. (It is quite normal for a host to use a remote name server. The broadcasts are a bit unfriendly, but they only happen once an hour.)

       If a real name server is found then nonamed enters "relay mode", passing all queries on. In relay mode the daemon cannot be distinguished from a real DNS name daemon.

       Nonamed accepts both UDP and TCP queries under Minix-vmd. Under standard Minix only UDP queries are accepted. 256 relayed UDP queries can be outstanding before it forgets where the first one came from.

       In answer mode nonamed can answer simple DNS queries to translate a host name to an IP address, or an IP address to a host name. Suppose /etc/hosts looks like this:

              127.0.0.1    localhost
              192.9.200.1  darask.home.cs.vu.nl
              192.9.200.2  burask.home.cs.vu.nl

       Then queries for the host names listed can be answered with the IP addresses to the left of them. If the name can't be found then it is retried with the domain name stripped off; this is because "localhost" is looked up as "localhost.home.cs.vu.nl" in the above example. Reverse lookups are answered with the first hostname on the line with the IP address.

       UDP queries are immediately answered on startup if the answer can be found in the hosts file. Failure answers, and answers to TCP queries, are delayed until it decides that there are no real name servers out there.

       Nonamed employs several timeouts for efficient operation:

       If five broadcasts, two seconds apart, fail to produce a name server on startup then it decides that there are no real name servers around.

       After 1 hour it will again look for a name server. (We don't want to hog the same one indefinitely.)

       If no UDP reply is seen in .ds m1 then a simple probe is sent to the name server. If that doesn't provoke an answer in two seconds then it will look for a new name server. A failing TCP connection will also invoke a search; the TCP connection is then made to the new name server. A client using UDP will retry eventually, a client using TCP will notice nothing but a short delay. The daemon drops back into answer mode if the search fails and it has a hosts file with a "localhost" entry.

       It waits five minutes for any action on a TCP stream before the connection is aborted.

       In answer mode it will generate data with a TTL (time to live) of 1 hour.

OPTIONS
       The options are only useful when debugging nonamed, although it can be very instructive to watch DNS queries being done.

       -d[level]
              Set debugging level to level (a single digit, by default 1.) Debug mode 1 makes nonamed decode and display the DNS queries and replies that it receives, sends and relays. The decoding only handles the common cases. In debug mode 2 it prints tracing information about the internal jobs it executes. In debug mode 3 it core dumps when an error causes it to exit. The debugging level may also be increased by 1 at runtime by sending signal SIGUSR1 or turned off (set to 0) with SIGUSR2.

       [-p port]
              Port to use instead of the normal domain port.

       [-n address[/port]]
              Use this IP address and port to find a real name server. It can be used to make nonamed relay to another nonamed. (They do not listen to broadcasts, of course.) You can run two daemons on one machine if you choose a new port number for one of them. You can force nonamed out of relay mode by sending it a hangup signal.

FILES
       /etc/hosts
              Hosts to address translation table when in answer mode.

SEE ALSO
       gethostbyname(3), resolver(3), hosts(5), set_net_default(8), boot(8), inetd(8), irdpd(8), rarpd(8).

NOTES
       You can specify a remote name server in /etc/resolv.conf to circumvent nonamed. But then you lose its talent for automatically finding new name servers when the remote name server becomes unreachable.

       Don't add a "localhost" entry to the hosts file if there are remote name servers. It makes nonamed drop back in answer mode on a flaky network.

BUGS
       If you can get a remote nonamed to listen to your name server then you can make it believe anything you want to. You need access to a machine on the same subnet of course.

AUTHOR
       Kees J. Bot (kjb@cs.vu.nl)
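
The answer-mode lookup rules from the DESCRIPTION above, as an added example that is not taken from nonamed's source. The function names are hypothetical, and two details are assumptions: names are matched case-insensitively, and "stripping the domain" keeps only the first label of the query name.

```python
# Added illustration of nonamed's answer mode; not nonamed's own code.
HOSTS = """\
127.0.0.1    localhost
192.9.200.1  darask.home.cs.vu.nl
192.9.200.2  burask.home.cs.vu.nl
"""  # the sample /etc/hosts table from the manual page


def parse_hosts(text):
    """Return (name -> address, address -> first hostname) from hosts(5) text."""
    forward, reverse = {}, {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]
        reverse.setdefault(addr, names[0])      # first hostname on the line wins
        for name in names:
            forward.setdefault(name.lower(), addr)
    return forward, reverse


def answer_forward(forward, qname):
    """Name to address: exact match first, then retry with the domain stripped."""
    name = qname.rstrip(".").lower()            # assumption: case-insensitive match
    if name in forward:
        return forward[name]
    host = name.split(".", 1)[0]                # assumption: keep the first label only
    return forward.get(host)                    # None stands for a failure answer


def answer_reverse(reverse, addr):
    """Address to name: the first hostname on the line holding the address."""
    return reverse.get(addr)


FORWARD, REVERSE = parse_hosts(HOSTS)

if __name__ == "__main__":
    for q in ("darask.home.cs.vu.nl", "localhost.home.cs.vu.nl", "nosuch.example"):
        print(q, "->", answer_forward(FORWARD, q))
    print("192.9.200.2 ->", answer_reverse(REVERSE, "192.9.200.2"))
```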