You ain't all that.
Mon 10 October 2005 by jillianVery few things amuse me more than insignificant wannabes who think they can own my box for more than a few minutes. My system paged me last night about 5 minutes after some dork exploited a hole in Drupal 4.6.1 and started laying down tracks all over /tmp, /usr and /lib. Unfortunately for the snot-nosed little weasel, my machine is smarter than the average script kiddie and immediately detected something was amiss.
On the slightly sophisticated side, the attacker used chattr to try to make clean-up a bit more difficult for me, denying the removal, replacement or renaming of offending files. However, the idiot pulled down a rootkit that should have replaced a number of system utilities and didn't even use it to cover tracks. What a loser.
Unfortunately for me, when such things happen, I need to run a full analysis to be sure they didn't leave anything behind. Believe it or not, that is easier and takes less time than restoring from known-good backups. So, a few hours later of letting the machine do most of my dirty work and confirming key details by hand, and we're back up, patched and running.
I have to assume the little spaz got the password files. So, everybody better change their passwords.
And to the script kiddie from 206.57.225.86 with your lame-o xmlrpc exploit... You ain't all that. You're nothing. Grow up and get a real hobby. I eat bottom-feeders like you for breakfast.