February 22nd, 2008, 02:40 AM
Waktu IRC bot was installed on our server
One of our clients servers was hacked overnight (it appears through a vulnerability in the Sphider script we used) and a "Hacked By kangkung Indonesian Hacker" placed on the front page + a copy in "/Sphider/" along with a couple of IRC bot scripts.
I found two references to on Google as "Waktu Bot" by searching for strings from the source but nothing else.
It was only up for about 12 hours thankfully and nothing else in the site seems to have been touched, but we've pulled the site down anyway for now while we do a more thorough check.
Has anyone else had dealings with this script or been defaced by this Skiddie?
Addendum : Found in another directory which was only protected by .htpasswd that they'd uploaded an "eggdrop" script - not something I'd heard of until now. More bots - fun, fun...
Last edited by niggles; February 22nd, 2008 at 03:09 AM.
Reason: Changing title...
February 22nd, 2008, 08:59 AM
I'm not familiar with this bot but I've seen many others..
Backup the data and just reinstall everything from scratch. Don't forget to patch things..
It's the only way to make sure it's clean.
Edit: Oh.. If possible I'd like to see that bot
Last edited by SirDice; February 22nd, 2008 at 09:02 AM.
Experience is something you don't get until just after you need it.
February 24th, 2008, 10:25 PM
SirDice - Sent you a PM with a link to see the code.
We ended up just wiping the server and and re-installing a clean backup of the site minus the areas we felt may have been the vulnerable entry points and will leave them out until we recode them.
February 27th, 2008, 07:32 AM
Sounds like a good excuse to setup a honeypot.
By cheyenne1212 in forum Miscellaneous Security Discussions
Last Post: February 1st, 2012, 02:51 PM
By elfguy in forum General Computer Discussions
Last Post: July 7th, 2005, 02:34 AM
By MicroBurn in forum Other Tutorials Forum
Last Post: March 2nd, 2005, 04:31 PM
By gore in forum Operating Systems
Last Post: February 25th, 2005, 08:12 AM
By Lansing_Banda in forum Network Security Discussions
Last Post: October 5th, 2003, 03:14 AM