The Boston Diaries

The ongoing saga of a programmer who doesn't live in Boston, nor does he even like Boston, but yet named his weblog/journal “The Boston Diaries.”

Go figure.

Sunday, January 30, 2000

Now that's darned rude!

It's 5:30. I'm with some friends when I get beeped. It's my home number. I call. It's my roommate. His RedHat 6.0 box was hacked. What should he do?

I mention a few things to look for, but it looks bad. Whoever broke in either got spooked or was feeling malicious, and the final two commands we found in the .bash_history file were:

rm -rf /var/log
rm -rf /*

My roommate, Rob, managed to stop it before it did more damage, but they still wiped out /boot, /bin and parts of /dev. Using Tom's RootBoot disk he was able to survey the damage and then waited until I got home.

From what I've been able to determine, it appears that some script kiddie was running a program to look for exploitable boxes (RedHat 6.0) because around noon yesterday someone tried to FTP into my box and Rob's other box from Harvard. This said script kiddie then had a list of hosts to exploit today and Rob's box was broken into and damaged around 5:30 pm EST.

Breaking in and looking around is one thing. Maliciously deleting files is another.


Copyright © 1999-2024 by Sean Conner. All Rights Reserved.