Send Bristol mailing list submissions to
bristol@mailman.lug.org.uk
To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.lug.org.uk/mailman/listinfo/bristol
or, via email, send a message with subject or body 'help' to
bristol-request@mailman.lug.org.uk
You can reach the person managing the list at
bristol-owner@mailman.lug.org.uk
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Bristol digest..."
Today's Topics:
1. Re: Extra cron process (Chris)
2. Re: Extra cron process (Martin Moore)
3. KT Christmas Meeting This Saturday (Peter Hemmings)
4. Re: KT Christmas Meeting This Saturday (Sebastian)
----------------------------------------------------------------------
Message: 1
Date: Wed, 17 Dec 2014 18:46:26 +0000
From: Chris <cshorler@googlemail.com>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>,
Shane McEwan <shane@mcewan.id.au>
Subject: Re: [bristol] Extra cron process
Message-ID: <BA3081FD-E1AE-4899-A3B0-63025AAB2084@googlemail.com>
Content-Type: text/plain; charset=UTF-8
On 17 December 2014 10:14:20 GMT+00:00, Shane McEwan <shane@mcewan.id.au> wrote:
>That looks very suspicious!
>
>'stat /var/spool/cron/crontabs/www-data' should tell you when the file
>was created. The "Change" time is the closest you can get to a create
>time although that time is updated if the file is chmodded or chowned.
>
>The /tmp directory is usually wiped out when the machine is rebooted so
>if /tmp/update doesn't exist then it means the crontab was probably
>created before the last reboot of the machine.
>
>Either way, it looks to me like you've been hacked. :-(
>
>Backup your important files, wipe the disk and reinstall. It's the only
>way to be sure.
>
>Shane.
>
>On 16/12/14 19:01, Martin Moore wrote:
>> Bottom line is that I didn't think there was a cron for www-data!
>>
>> That's why I'm concerned.
>>
>> OK, contents of www-data cron :
>>
>> * * * * * /tmp/update >/dev/null 2>&1
>>
>> There is no file /tmp/update
>>
>> Even more concerned now!
>>
>> Can I get the date the cron file was created?
>>
>> Martin.
>>
>> *From:* Max B [mailto:psykx.out@gmail.com]
>> *Sent:* 16 December 2014 18:52
>> *To:* Martin Moore; Bristol and Bath Linux User Group
>> *Subject:* Re: [bristol] Extra cron process
>>
>> what was it running? what's in your cron tab?
>>
>> We'd need to know more about the server.
>>
>> Max B
>>
>> On 16 December 2014 at 19:11, Martin Moore <martinm@it-helps.co.uk
>> <mailto:martinm@it-helps.co.uk>> wrote:
>>
>> I had a nagios warning of more than 1 cron running on Debian.
>>
>> Had a look and there was an extra one running as www-data which I've
>> killed. Could someone have got in via http?
>>
>> Should I be worried?
>>
>> Martin.
>>
>> _______________________________________________
>> Bristol mailing list
>> Bristol@mailman.lug.org.uk <mailto:Bristol@mailman.lug.org.uk>
>> https://mailman.lug.org.uk/mailman/listinfo/bristol
Maybe the Bash exploit previously mentioned on this list?
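The `stat` check and the `www-data` crontab entry discussed in this message, as an added example that is not part of the original thread: a shell function that walks a crontab spool, flags entries whose command lives in a world-writable directory, and reports each file's change time and whether the target still exists. The sample spool and the user `alice` are constructed, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit a per-user crontab spool for entries that run a
# command from a world-writable directory (the /tmp/update pattern above).

# Print the command path of one crontab line if it lives under /tmp,
# /var/tmp or /dev/shm; print nothing otherwise. Only the command field is
# checked, so "sh /tmp/x" style entries are out of scope here.
suspicious_cmd() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*(#|$)/      { next }            # comments, blank lines
        $1 ~ /^[A-Za-z_]+=/ { next }            # VAR=value settings
        { cmd = ($1 ~ /^@/) ? $2 : $6 }         # @reboot has one time field
        cmd ~ /^\/(tmp|var\/tmp|dev\/shm)\// { print cmd }'
}

# Report user, file change time (ctime) and target state for each hit.
# $1 = spool directory, one file per user (Debian path is the default).
audit_spool() {
    spool=${1:-/var/spool/cron/crontabs}
    for f in "$spool"/*; do
        [ -f "$f" ] || continue
        user=$(basename "$f")
        # ctime also moves on chmod/chown, as noted in the thread.
        ctime=$(stat -c '%z' "$f" 2>/dev/null || echo unknown)
        while IFS= read -r line || [ -n "$line" ]; do
            cmd=$(suspicious_cmd "$line")
            [ -n "$cmd" ] || continue
            if [ -e "$cmd" ]; then state=present; else state=missing; fi
            printf 'user=%s ctime="%s" target=%s (%s)\n' \
                "$user" "$ctime" "$cmd" "$state"
        done < "$f"
    done
}

# Constructed sample spool: the entry quoted in the thread plus a benign
# crontab for a made-up user "alice".
demo() {
    d=$(mktemp -d)
    printf '%s\n' '* * * * * /tmp/update >/dev/null 2>&1' > "$d/www-data"
    printf '%s\n' '# nightly' 'MAILTO=root' \
        '15 3 * * * /usr/local/bin/backup.sh' > "$d/alice"
    audit_spool "$d"
    rm -rf "$d"
}
demo
```

On a live Debian host, `audit_spool` with no argument reads `/var/spool/cron/crontabs` and needs root to list it.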
------------------------------
Message: 2
Date: Wed, 17 Dec 2014 19:13:39 -0000
From: "Martin Moore" <martinm@it-helps.co.uk>
To: "'Bristol and Bath Linux User Group'"
<bristol@mailman.lug.org.uk>, "'Shane McEwan'" <shane@mcewan.id.au>
Subject: Re: [bristol] Extra cron process
Message-ID:
<!&!AAAAAAAAAAAYAAAAAAAAAFLxZtQqo65Oo+1jhlUB9DvCgAAAEAAAAM9HE8njEp9NtfKivIlazjYBAAAAAA==@it-helps.co.uk>
Content-Type: text/plain; charset="utf-8"
>Maybe the Bash exploit previously mentioned on this list?
Quite possibly. I've done a security update today.
When the hosting co get their act together I can put some Jessie servers in, but it's out of my hands at the mo :(
Martin
------------------------------
Message: 3
Date: Thu, 18 Dec 2014 09:08:03 +0000
From: Peter Hemmings <peter@hemmings.eclipse.co.uk>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>
Subject: [bristol] KT Christmas Meeting This Saturday
Message-ID: <54929973.1030308@hemmings.eclipse.co.uk>
Content-Type: text/plain; charset=utf-8; format=flowed
Hi,
I hope to be at the KT at 2pm and may even partake in a Christmas lunch.
Will I be on my own!?
--
Peter H
------------------------------
Message: 4
Date: Thu, 18 Dec 2014 09:41:46 +0000
From: Sebastian <sebsebseb_mageia@gmx.com>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>,
sebastian <sebsebseb_mageia@gmx.com>
Subject: Re: [bristol] KT Christmas Meeting This Saturday
Message-ID: <5492A15A.50602@gmx.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
On 18/12/14 09:08, Peter Hemmings wrote:
> Hi,
>
> I hope to be at the KT at 2pm and may even partake in a Christmas lunch.
>
> Will I be on my own!?
>
>
No, I should be there as well at about 2pm or about 2:30pm.
If any new people would like to come along to our LUG meeting this
Saturday as well, you're welcome to. See website for more details, or
reply back telling us that you're new and some can be emailed.
Regards
Sebastian
------------------------------
End of Bristol Digest, Vol 581, Issue 4
***************************************