Prv8 Shell
Server : Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4
System : Linux server.jackjohnson.com 2.6.32-279.5.2.el6.x86_64 #1 SMP Fri Aug 24 01:07:11 UTC 2012 x86_64
User : jackjohn ( 502)
PHP Version : 5.3.17
Disable Function : NONE
Directory :  /home/jackjohn/mail/.jackjohnson@jackjohnson_com/cur/

Current File : /home/jackjohn/mail/.jackjohnson@jackjohnson_com/cur/1349317088.000062.mbox:2,
Return-Path: <root@jackjohnson.nethosting.com>
Received: from jackjohnson.nethosting.com ([127.0.0.25])
	by jackjohnson.nethosting.com (8.13.6.20060614/8.13.6) with ESMTP id l11A2IDn037953
	for <root@jackjohnson.nethosting.com>; Thu, 1 Feb 2007 03:02:19 -0700 (MST)
Received: (from root@localhost)
	by jackjohnson.nethosting.com (8.13.6.20060614/8.13.6/Submit) id l11A2IGX037948
	for root; Thu, 1 Feb 2007 03:02:18 -0700 (MST)
Date: Thu, 1 Feb 2007 03:02:18 -0700 (MST)
From: Charlie Root <root@jackjohnson.nethosting.com>
Message-Id: <200702011002.l11A2IGX037948@jackjohnson.nethosting.com>
To: root@jackjohnson.nethosting.com
Subject: jackjohnson.nethosting.com security run output


Checking setuid files and devices:

jackjohnson.nethosting.com setuid diffs:
--- /var/log/setuid.today	Fri Jan  5 03:01:28 2007
+++ /tmp/security.HHAo7IdE	Thu Feb  1 03:02:17 2007
@@ -14,7 +14,7 @@
 124373523 -r-sr-xr-x  1 root  wheel      22528 Nov 18 08:57:07 2005 /skel/sbin/ping
 124373524 -r-sr-xr-x  1 root  wheel      30696 Sep 20 14:15:21 2006 /skel/sbin/ping6
 124373528 -r-sr-x---  1 root  operator   10820 Nov 18 09:10:30 2005 /skel/sbin/shutdown
-124377747 -rws--x--x  1 root  wheel     261084 Nov  6 09:33:08 2006 /skel/usr/X11R6/bin/xterm
+124377678 -rws--x--x  1 root  wheel     261244 Dec 11 14:11:33 2006 /skel/usr/X11R6/bin/xterm
 124394752 -r-sr-xr-x  4 root  wheel      20948 Nov  3 01:11:16 2005 /skel/usr/bin/at
 124394752 -r-sr-xr-x  4 root  wheel   20948 Nov  3 01:11:16 2005 /skel/usr/bin/atq
 124394752 -r-sr-xr-x  4 root  wheel   20948 Nov  3 01:11:16 2005 /skel/usr/bin/atrm
@@ -57,12 +57,11 @@
 124664766 ---s--x--x  2 root  wheel    93244 Feb 15 16:20:17 2006 /skel/usr/local/bin/sudoedit
 124698111 -rwsr-xr-x  1 root  bin      11451 Jun 27 14:18:28 2003 /skel/usr/local/frontpage/version5.0/apache-fp/_vti_bin/fpexe
 124956217 -rwx--s--x  1 root  mail     12499 Nov 18 10:34:50 2005 /skel/usr/local/libexec/mlock
-125023514 -rwxr-sr-x  1 root  kmem    116484 May  1 11:31:18 2006 /skel/usr/local/sbin/lsof
-125023539 -r-s--x--x  1 root  wheel    14320 Oct 20 17:14:23 2006 /skel/usr/local/sbin/sinfo
+125023530 -r-s--x--x  1 root  wheel    14320 Dec  1 11:02:36 2006 /skel/usr/local/sbin/sinfo
 125401144 -r-xr-sr-x  1 root  daemon   43112 Nov  3 01:11:47 2005 /skel/usr/sbin/lpc
 125401191 -r-sr-xr-x  1 root  wheel    23264 Nov 18 08:56:11 2005 /skel/usr/sbin/traceroute
 125401192 -r-sr-xr-x  1 root  wheel    16916 Nov 18 08:56:18 2005 /skel/usr/sbin/traceroute6
-124377747 -rws--x--x  1 root  wheel     261084 Nov  6 09:33:08 2006 /usr/X11R6/bin/xterm
+124377678 -rws--x--x  1 root  wheel     261244 Dec 11 14:11:33 2006 /usr/X11R6/bin/xterm
 124394752 -r-sr-xr-x  4 root  wheel      20948 Nov  3 01:11:16 2005 /usr/bin/at
 124394752 -r-sr-xr-x  4 root  wheel   20948 Nov  3 01:11:16 2005 /usr/bin/atq
 124394752 -r-sr-xr-x  4 root  wheel   20948 Nov  3 01:11:16 2005 /usr/bin/atrm
@@ -105,8 +104,7 @@
 124664766 ---s--x--x  2 root  wheel    93244 Feb 15 16:20:17 2006 /usr/local/bin/sudoedit
 124698111 -rwsr-xr-x  1 root  bin      11451 Jun 27 14:18:28 2003 /usr/local/frontpage/version5.0/apache-fp/_vti_bin/fpexe
 124956217 -rwx--s--x  1 root  mail     12499 Nov 18 10:34:50 2005 /usr/local/libexec/mlock
-125023514 -rwxr-sr-x  1 root  kmem    116484 May  1 11:31:18 2006 /usr/local/sbin/lsof
-125023539 -r-s--x--x  1 root  wheel    14320 Oct 20 17:14:23 2006 /usr/local/sbin/sinfo
+125023530 -r-s--x--x  1 root  wheel    14320 Dec  1 11:02:36 2006 /usr/local/sbin/sinfo
 125401144 -r-xr-sr-x  1 root  daemon   43112 Nov  3 01:11:47 2005 /usr/sbin/lpc
 125401191 -r-sr-xr-x  1 root  wheel    23264 Nov 18 08:56:11 2005 /usr/sbin/traceroute
 125401192 -r-sr-xr-x  1 root  wheel    16916 Nov 18 08:56:18 2005 /usr/sbin/traceroute6

Checking for uids of 0:
root 0
toor 0

Checking for passwordless accounts:

jackjohnson.nethosting.com login failures:
Jan 31 00:21:43 jackjohnson sshd[99805]: Failed password for invalid user staff from 201.48.120.170 port 58347 ssh2
Jan 31 00:21:51 jackjohnson sshd[99844]: Failed password for invalid user sales from 201.48.120.170 port 59256 ssh2
Jan 31 00:21:56 jackjohnson sshd[99870]: Failed password for invalid user recruit from 201.48.120.170 port 60533 ssh2
Jan 31 00:22:04 jackjohnson sshd[99883]: Failed password for invalid user alias from 201.48.120.170 port 33536 ssh2
Jan 31 00:22:07 jackjohnson sshd[99890]: Failed password for invalid user office from 201.48.120.170 port 35381 ssh2
Jan 31 08:43:33 jackjohnson sshd[35395]: Failed password for root from 125.88.125.129 port 47553 ssh2
Jan 31 08:43:37 jackjohnson sshd[35421]: Failed password for root from 125.88.125.129 port 47599 ssh2
Jan 31 08:43:44 jackjohnson sshd[35460]: Failed password for root from 125.88.125.129 port 47702 ssh2
Jan 31 08:43:48 jackjohnson sshd[35493]: Failed password for root from 125.88.125.129 port 47856 ssh2

jackjohnson.nethosting.com refused connections:

-- End of security output --

