Prv8 Shell
Server : Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4
System : Linux server.jackjohnson.com 2.6.32-279.5.2.el6.x86_64 #1 SMP Fri Aug 24 01:07:11 UTC 2012 x86_64
User : jackjohn ( 502)
PHP Version : 5.3.17
Disable Function : NONE
Directory :  /home/jackjohn/mail/.jackjohnson@jackjohnson_com/cur/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /home/jackjohn/mail/.jackjohnson@jackjohnson_com/cur/1349317088.000637.mbox:2,
Return-Path: <root@jackjohnson.nethosting.com>
Received: from jackjohnson.nethosting.com (localhost [127.0.0.1])
	by jackjohnson.nethosting.com (8.13.6.20060614/8.13.6) with ESMTP id l3P97IP2094412
	for <root@jackjohnson.nethosting.com>; Wed, 25 Apr 2007 03:07:18 -0600 (MDT)
Received: (from root@localhost)
	by jackjohnson.nethosting.com (8.13.6.20060614/8.13.6/Submit) id l3P97IXD094381
	for root; Wed, 25 Apr 2007 03:07:18 -0600 (MDT)
Date: Wed, 25 Apr 2007 03:07:18 -0600 (MDT)
From: Charlie Root <root@jackjohnson.nethosting.com>
Message-Id: <200704250907.l3P97IXD094381@jackjohnson.nethosting.com>
To: root@jackjohnson.nethosting.com
Subject: jackjohnson.nethosting.com security run output


Checking setuid files and devices:

jackjohnson.nethosting.com setuid diffs:
--- /var/log/setuid.today	Thu Apr 12 03:06:15 2007
+++ /tmp/security.5o4e7t43	Wed Apr 25 03:07:16 2007
@@ -14,7 +14,7 @@
 124373523 -r-sr-xr-x  1 root  wheel      22528 Nov 18 08:57:07 2005 /skel/sbin/ping
 124373524 -r-sr-xr-x  1 root  wheel      30696 Sep 20 14:15:21 2006 /skel/sbin/ping6
 124373528 -r-sr-x---  1 root  operator   10820 Nov 18 09:10:30 2005 /skel/sbin/shutdown
-124377663 -rws--x--x  1 root  wheel     264800 Mar  5 10:49:50 2007 /skel/usr/X11R6/bin/xterm
+124377800 -rws--x--x  1 root  wheel     267620 Mar 26 09:49:33 2007 /skel/usr/X11R6/bin/xterm
 124394752 -r-sr-xr-x  4 root  wheel      20948 Nov  3 01:11:16 2005 /skel/usr/bin/at
 124394752 -r-sr-xr-x  4 root  wheel   20948 Nov  3 01:11:16 2005 /skel/usr/bin/atq
 124394752 -r-sr-xr-x  4 root  wheel   20948 Nov  3 01:11:16 2005 /skel/usr/bin/atrm
@@ -45,7 +45,7 @@
 124619140 -r-sr-xr-x  1 root  wheel    3400 Nov  3 01:10:04 2005 /skel/usr/libexec/pt_chown
 124619145 -r-xr-sr-x  1 root  smmsp  657043 Jun 19 16:21:33 2006 /skel/usr/libexec/sendmail/sendmail
 124619146 -r-xr-sr-x  1 root  smmsp  588052 Nov 10 11:40:11 2005 /skel/usr/libexec/sendmail/sendmail-8.13.4
-124619149 -rws--x--x  1 root  wheel  141692 Nov 13 09:16:08 2006 /skel/usr/libexec/ssh-keysign
+124619147 -rws--x--x  1 root  wheel  141692 Mar 26 09:27:57 2007 /skel/usr/libexec/ssh-keysign
 124630292 -rws--x--x  1 root  wheel   10920 Jul 31 16:55:46 2006 /skel/usr/local/apache/bin/suexec
 124641831 -rwsr-xr-x  1 root  wheel   19380 Feb 28 13:55:07 2007 /skel/usr/local/apache2/bin/suexec
 124664331 -r-sr-xr-x  1 man   wheel   33152 Mar 12 11:24:42 2007 /skel/usr/local/bin/jman
@@ -63,7 +63,7 @@
 125401192 -r-sr-xr-x  1 root  wheel    16916 Nov 18 08:56:18 2005 /skel/usr/sbin/traceroute6
 125686083 -r-sr-xr-x  1 man   wheel    33152 Mar 12 11:24:42 2007 /skel/var/tmp/instmp.fCjVXx/bin/jman
 125686084 -r-sr-xr-x  1 man   wheel    33152 Mar 12 11:24:42 2007 /skel/var/tmp/instmp.stFjdP/bin/jman
-124377663 -rws--x--x  1 root  wheel     264800 Mar  5 10:49:50 2007 /usr/X11R6/bin/xterm
+124377800 -rws--x--x  1 root  wheel     267620 Mar 26 09:49:33 2007 /usr/X11R6/bin/xterm
 124394752 -r-sr-xr-x  4 root  wheel      20948 Nov  3 01:11:16 2005 /usr/bin/at
 124394752 -r-sr-xr-x  4 root  wheel   20948 Nov  3 01:11:16 2005 /usr/bin/atq
 124394752 -r-sr-xr-x  4 root  wheel   20948 Nov  3 01:11:16 2005 /usr/bin/atrm
@@ -94,7 +94,7 @@
 124619140 -r-sr-xr-x  1 root  wheel    3400 Nov  3 01:10:04 2005 /usr/libexec/pt_chown
 124619145 -r-xr-sr-x  1 root  smmsp  657043 Jun 19 16:21:33 2006 /usr/libexec/sendmail/sendmail
 124619146 -r-xr-sr-x  1 root  smmsp  588052 Nov 10 11:40:11 2005 /usr/libexec/sendmail/sendmail-8.13.4
-124619149 -rws--x--x  1 root  wheel  141692 Nov 13 09:16:08 2006 /usr/libexec/ssh-keysign
+124619147 -rws--x--x  1 root  wheel  141692 Mar 26 09:27:57 2007 /usr/libexec/ssh-keysign
 124630292 -rws--x--x  1 root  wheel   10920 Jul 31 16:55:46 2006 /usr/local/apache/bin/suexec
 124641831 -rwsr-xr-x  1 root  wheel   19380 Feb 28 13:55:07 2007 /usr/local/apache2/bin/suexec
 124664331 -r-sr-xr-x  1 man   wheel   33152 Mar 12 11:24:42 2007 /usr/local/bin/jman

Checking for uids of 0:
root 0
toor 0

Checking for passwordless accounts:

jackjohnson.nethosting.com login failures:
Apr 24 08:26:45 jackjohnson sshd[34772]: Failed password for invalid user test from 208.103.63.10 port 38925 ssh2
Apr 24 08:26:47 jackjohnson sshd[34812]: Failed password for invalid user guest from 208.103.63.10 port 39059 ssh2
Apr 24 08:26:48 jackjohnson sshd[34839]: Failed password for invalid user admin from 208.103.63.10 port 39167 ssh2
Apr 24 08:26:57 jackjohnson sshd[34871]: Failed password for invalid user admin from 208.103.63.10 port 39284 ssh2
Apr 24 08:26:58 jackjohnson sshd[34935]: Failed password for invalid user user from 208.103.63.10 port 39407 ssh2

jackjohnson.nethosting.com refused connections:

-- End of security output --

haha - 2025