Lesson Learned

SlipWraith

Member
JFF Member
JFF Supporter
For the past couple of days I have noticed that my Android phone no longer connects to my wireless network at home. I didn't think much of it, but I had some apps that needed to update and they will only do so over Wi-Fi. I tried to connect my phone again and nothing happened.

I logged into my router (Linksys 160N running DD-WRT) and started checking the status. The only thing that seemed off was that outbound connections were showing 100%. I looked at the log and ALL of the outbound traffic was from the Minecraft server...

I logged onto the Minecraft server and ran "who" and nothing came up. That's interesting, since this is a root command that shows users that are logged onto the system. I ran "last", which lists users logged in and from what IP; also blank. Interesting... I then ran top and noticed that java wasn't running (if the Minecraft server is up, it is running). There was one process running that I could not identify. I then ran "screen -r", which flipped me over to a running session that I had not started.

On this other session a program was running that was doing things like trying to connect to a system on different ports using different usernames, etc.

Needless to say, that server is no longer online; the Minecraft server is permanently disabled.


The moral of the story: only one other person had access to the server. It had a mostly secure 12-digit password. Either someone worked way too hard to hack the system, or someone that doesn't know what they are doing opened it up for them without knowing (installing mods or scripts without realizing it).

Lesson #2, don't ever give Wretched access to your machines ;)
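The manual checks in the post above (is the server process actually up, is there a process you can't account for, is there a screen session you didn't start) turned into a small triage script. This is an added example, not code from the original post; the service account `mc`, the allowlist of expected process names, the session name `minecraft` and the sample `ps`/`screen -ls` output are all constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): defender-side triage for a game host.
# Assumed: the server runs under the service account "mc"; EXPECTED is our allowlist.
EXPECTED="systemd sshd screen bash java"

# Constructed sample of `ps -eo user,pid,comm` output; replace with the live output.
SAMPLE_PS='USER       PID COMMAND
root         1 systemd
mc        2310 screen
mc        2311 bash
mc        2399 unknown_bin'

# Constructed sample of `screen -ls` output; replace with the live output.
SAMPLE_SCREEN='There is a screen on:
        2310.sess       (Detached)
1 Socket in /run/screen/S-mc.'

# Print "PID COMMAND" for every process owned by user $1 whose name is not allowlisted.
unexpected_procs() {
    printf '%s\n' "$2" | awk -v u="$1" -v allow="$EXPECTED" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR > 1 && $1 == u && !($3 in ok) { print $2, $3 }'
}

# Exit 0 if a process named $1 appears in the ps output $2 (is java up at all?).
has_proc() {
    printf '%s\n' "$2" | awk -v p="$1" '
        NR > 1 && $3 == p { found = 1 } END { exit (found ? 0 : 1) }'
}

# Print screen sessions whose name is not in $1, a space-separated list of the
# sessions you started yourself; $2 is `screen -ls` output.
foreign_screens() {
    printf '%s\n' "$2" | awk -v mine="$1" '
        BEGIN { n = split(mine, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /\((Attached|Detached)\)/ { split($1, s, "."); if (!(s[2] in ok)) print $1 }'
}

# Triage summary over the constructed samples; on a live box pass
# "$(ps -eo user,pid,comm)" and "$(screen -ls)" instead of the samples.
triage() {
    has_proc java "$SAMPLE_PS" || echo "WARN: java (the server) is not running"
    unexpected_procs mc "$SAMPLE_PS" | sed 's/^/WARN: unexpected process owned by mc: /'
    foreign_screens minecraft "$SAMPLE_SCREEN" | sed 's/^/WARN: screen session not started by you: /'
}
```

Run `triage` as the service account; each WARN line corresponds to one of the three observations in the post.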
 

Trekkan

JFF Administrator
Staff member
Sucks, man, but seriously, they could have just used an exploit that you're unaware of that wasn't plugged. That's 90% of the hacks that happen to Linux machines.