Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

IlyaM (2933)

IlyaM
  ilya@martynov.org
http://martynov.org/

Journal of IlyaM (2933)

Friday September 20, 2002
01:06 PM

Time bomb

[ #7873 ]
Two days ago I've got an email from the guy who works for my dad. He wrote that his crontab entries went away. Instead his crontab had only one entry 'rm -rf /path/to/website/root/' which was supposed to be run on 1st January (he-he, happy New Year). I help my dad to admin his company website server so I was asked to look into this incident.

Damn, at first moment I though that we've been hacked but later research showed that it was "insider"'s work. An ex-employer still had account on this web server and moreover he still had permissions to use sudo to switch to root. It was dumb luck that he was so clueless that he overwrote crontab instead of adding new entry or making another better hidden time bomb. And of course with root right he could do much more harm. Apparently he did editing of some server logs to hide what he have done but he forgot to delete his ~/.bash_history :).


List all Journal entries
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Time bomb 0 Comments More | Login | Reply /

 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.