Ako rasa semua trojan fail, backdoor dah removed.
[root@hacked zeo]# telnet localhost 60712
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-1.5-1.2.27
Fail to patch and update using RH up2date agent, what the hell tak pepasal gune apt. The vurn ako rasa datang dari samba (lama punya bug), sebab jumpa pelbagai jenis samba remote exploit dalam folder hekers tu. Atau password guessing? Sebab ade satu fail hekers tu, menggunakan id user dan group user local. Hard to tell, just helping my lazy friend restoring the box back to normal. Backdoor analysis?
Thanks to SecureCRT log function. Tapi nanti la bikin. keh keh. mail popslopp@hotmail.com? Heker email? Not 100% patch cause dah subuh. Tak tido uwaa ngantuk.
kena hek lagi..eekek..suka btul gula2 hek
tu hek emel hotmail dia. sniffer semua pi inbox tu. hehee