Well, the server was hacked, but
it looks like a customer account was compromised, since the executables
were owned by a customer account, the processes were running on
unprivileged ports, and the server was being used as part of denial of
service attacks, with executables hidden under a hidden directory in
/var/tmp.
Fortunately, the system hacked is running Linux without module
support, so patching system
calls to hide activity is impossible without a reboot (which would be
noticed).
And as always, it could have been
worse.