27 Sep 2005
Yesterday evening, while struggling to keep up with work, I noticed my internet connection was acting strangely. I checked my server (which has a fairly small number of visitors) to see who the visitor was and noticed that I had a strange connection:
shire:/var/www# netstat -tanp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:37 0.0.0.0:* LISTEN 1770/inetd
tcp 0 0 0.0.0.0:31337 0.0.0.0:* LISTEN 3694/httpd -DSSL
tcp 0 0 0.0.0.0:9 0.0.0.0:* LISTEN 1770/inetd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1822/mysqld
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1985/smbd
tcp 0 0 0.0.0.0:13 0.0.0.0:* LISTEN 1770/inetd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1606/portmap
tcp 0 0 0.0.0.0:55443 0.0.0.0:* LISTEN 3727/httpd -DSSL
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1969/master
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1985/smbd
tcp 0 0 127.0.0.1:669 0.0.0.0:* LISTEN 1765/famd
tcp 0 0 10.0.255.1:34904 22.214.171.124:6667 ESTABLISHED13538/pscan2
tcp 0 0 10.0.255.1:139 10.0.0.5:1034 ESTABLISHED31714/smbd
tcp6 0 0 :::993 :::* LISTEN 1757/couriertcpd
tcp6 0 0 :::143 :::* LISTEN 1739/couriertcpd
tcp6 0 0 :::22 :::* LISTEN 2044/sshd
tcp6 0 0 :::25 :::* LISTEN 1969/master
httpd -DSSL and pscan2 are running. The above is missing a suspicious bash process that I found located in /tmp. I killed the process before I got the great idea that I wanted to blog about it. In /tmp/.heva I found all the files used for this hack (I hope), including the compressed file cbk.tar.gz, which I guess was used to transport it all onto my server.
I ran ps aux to see which processes were running and identified that the suspicious processes were started by www-data (the webserver user on Debian).
I assume that the intruder came in through either a security hole in one of the PHP applications on my webserver or because Apache wasn’t updated with the latest security patches from Debian.
I found a cron script installed by www-data by running:
shire:/tmp# su - www-data -c 'crontab -l'
* * * * * /tmp/.heva/.cbk/y2kupdate >/dev/null 2>&1
I deleted it by running:
shire:/tmp# su - www-data -c 'crontab -r'
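As an added example (not part of the original post), here is a small POSIX shell script that does the check the netstat listing above invites in a repeatable way: it compares the LISTEN sockets and ESTABLISHED connections against an allowlist of expected port/program pairs and prints anything that falls outside it, including any connection to an IRC port. The allowlist, the program names in it and the sample netstat lines are constructed for this example (modelled on the listing above, with a documentation address in place of the real IRC server); on a live host you would pipe netstat -tanp into flag_netstat instead of the sample.

```shell
#!/bin/sh
# Added example: baseline check over "netstat -tanp" output.
# Flags LISTEN sockets that are not on an expected port/program allowlist,
# ESTABLISHED connections held by programs that are not on it, and any
# ESTABLISHED connection whose remote port is in the IRC range (6660-6669).

# Assumed allowlist for a small Debian web/mail host: "port/program" pairs.
EXPECTED_LISTEN="22/sshd 25/master 80/httpd 443/httpd 3306/mysqld 143/couriertcpd 993/couriertcpd"

# Constructed sample modelled on the post's listing (192.0.2.10 is a
# documentation address standing in for the real IRC server).
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2044/sshd
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN      3694/httpd -DSSL
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1822/mysqld
tcp        0      0 10.0.255.1:34904        192.0.2.10:6667         ESTABLISHED13538/pscan2
tcp        0      0 10.0.255.1:22           10.0.0.5:1034           ESTABLISHED 31714/sshd
tcp6       0      0 :::993                  :::*                    LISTEN      1757/couriertcpd'

# Reads netstat -tanp output on stdin and prints one line per finding.
flag_netstat() {
    awk -v expected="$EXPECTED_LISTEN" '
    BEGIN {
        n = split(expected, pairs, " ")
        for (i = 1; i <= n; i++) {
            split(pairs[i], kv, "/")
            ok[kv[1] " " kv[2]] = 1   # allowed listener (port + program)
            known[kv[2]] = 1          # program allowed to hold sockets at all
        }
    }
    $1 !~ /^tcp/ { next }             # skip the two header lines
    {
        state = $6; prog = $7
        # net-tools glues the PID onto an 11-character state, so
        # "ESTABLISHED13538/pscan2" arrives as one field: split it back apart.
        if (state ~ /^ESTABLISHED./) { prog = substr(state, 12); state = "ESTABLISHED" }
        sub(/^[0-9]+\//, "", prog)    # "3694/httpd" -> "httpd" (arguments in $8+ are ignored)
        nl = split($4, l, ":"); lport = l[nl]   # works for 0.0.0.0:22 and :::993 alike
        nr = split($5, r, ":"); rport = r[nr]
        if (state == "LISTEN") {
            key = lport " " prog
            if (!(key in ok)) print "UNEXPECTED_LISTENER " lport " " prog
        } else if (state == "ESTABLISHED") {
            if (rport + 0 >= 6660 && rport + 0 <= 6669)
                print "IRC_CONNECTION " prog " -> " $5
            if (!(prog in known))
                print "UNKNOWN_PROGRAM " prog " -> " $5
        }
    }'
}

# Stand-alone run over the constructed sample; on a live host use:
#   netstat -tanp | flag_netstat
printf '%s\n' "$SAMPLE" | flag_netstat
```

Run against the sample it reports the httpd listener on 31337 and the pscan2 connection to port 6667 (twice: once for the IRC port, once because pscan2 is not a program the host should be running), and stays silent on the expected sshd, mysqld and courier sockets. The value of the script is the allowlist: record what the box is supposed to listen on while it is known-good, and every later run only has to explain the differences.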
21 Sep 2005
Today I received my Ubuntu Hoary CDs. YAY… Too bad I have been running Breezy for almost a month now :-D
Anyways - I got a version for PowerPC and one for AMD64… I know just for whom ;)
19 Aug 2005
A few days ago I updated my Ubuntu Breezy (developer preview of the new Ubuntu Linux), and the next day X (the graphical environment) wasn’t able to start. It suddenly didn’t automatically find my mouse at startup.
It seems I have been hit by this bug.
17 Aug 2005
A few days ago I tried to make Sid Meier’s Pirates run again with WINE.
As usual when trying to install the game I got the following:
Well, that didn’t stop me this time. I started to copy Pirates from my Windows XP partition to my fake WINE Windows drive (notice the cool new GNOME 2.12 copy dialog).
Now I tried to start Pirates again, but this time I got a message about 2 missing dll files:
You can find them by searching on Google
I copied the files to my fake Windows’ system folder, i.e.
Finally I applied a No-CD-patch and was now able to start the game, where I was greeted by a… black screen for a long time.
I’m serious…. a VERY long time.
I’m telling you - it’s still there ;)
Then finally I was presented with the title menu. YEAH!
I think I fiddled a little with some settings before I dared to try starting the game. Now a long waiting time again. But you don’t wanna go fetch coffee because you want to see this ;)
Woah, I see an in-game movie… cool. I was so quick taking the screenshot that the menu didn’t get time to disappear. They call me Lucky Luke ;-)
I’m actually able to choose with whom I want to go to the New World. The grey man was a little too creepy, so England it was.
Long wait time… again, and no movie of me fighting the captain - perhaps I accidentally hit a key, dunno. Well, suddenly I saw a little ship sailing and joy filled my body - YES!… and before I knew it the game had crashed. :-( Perhaps tweaking the video settings and stuff might make the game somewhat playable :-)
The few screenshots I created were worth it all. See you on the other side.
17 Aug 2005
I have moved my server from my parents’ low bandwidth to my own low bandwidth DSL connection… so I’m the only one (when I’m at home) who enjoys my speedy weblog :-D