Note to admin/mods: Please do not delete this post or move it to a category where it won't get the attention it deserves.
We have a secure remote Ubuntu 10.04 desktop which has been compromised.
ISSUE: the system has been compromised as it is being used as a name server for the following 46 domains:
46 Nameservers seen on 88.208.229.248:
I am the only one who has ever accessed this server. How could this happen?
How do we correct this issue? Better yet, how do we remove the name server functionality of Ubuntu?
Any help is appreciated.