Results 1 to 4 of 4

Thread: Waktu IRC bot was installed on our server

  1. #1

    Waktu IRC bot was installed on our server

    Hi,

    One of our clients servers was hacked overnight (it appears through a vulnerability in the Sphider script we used) and a "Hacked By kangkung Indonesian Hacker" placed on the front page + a copy in "/Sphider/" along with a couple of IRC bot scripts.

    I found two references to on Google as "Waktu Bot" by searching for strings from the source but nothing else.

    It was only up for about 12 hours thankfully and nothing else in the site seems to have been touched, but we've pulled the site down anyway for now while we do a more thorough check.

    Has anyone else had dealings with this script or been defaced by this Skiddie?

    Addendum : Found in another directory which was only protected by .htpasswd that they'd uploaded an "eggdrop" script - not something I'd heard of until now. More bots - fun, fun...

    Cheers,
    Niggles
    Last edited by niggles; February 22nd, 2008 at 03:09 AM. Reason: Changing title...

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    I'm not familiar with this bot but I've seen many others..

    Backup the data and just reinstall everything from scratch. Don't forget to patch things..

    It's the only way to make sure it's clean.

    Edit: Oh.. If possible I'd like to see that bot
    Last edited by SirDice; February 22nd, 2008 at 09:02 AM.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    SirDice - Sent you a PM with a link to see the code.

    We ended up just wiping the server and and re-installing a clean backup of the site minus the areas we felt may have been the vulnerable entry points and will leave them out until we recode them.

    Cheers,
    Niggles

  4. #4
    Sounds like a good excuse to setup a honeypot.

Similar Threads

  1. Windows Error Messages
    By cheyenne1212 in forum Miscellaneous Security Discussions
    Replies: 7
    Last Post: February 1st, 2012, 02:51 PM
  2. Shell Account *HELP*
    By elfguy in forum General Computer Discussions
    Replies: 17
    Last Post: July 7th, 2005, 01:34 AM
  3. Basic IRC use and administration
    By MicroBurn in forum Other Tutorials Forum
    Replies: 1
    Last Post: March 2nd, 2005, 04:31 PM
  4. Slack BSD
    By gore in forum Operating Systems
    Replies: 2
    Last Post: February 25th, 2005, 08:12 AM
  5. How do Instant Message Services Work?
    By Lansing_Banda in forum Network Security Discussions
    Replies: 2
    Last Post: October 5th, 2003, 02:14 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •