Return-Path: <root@jackjohnson.nethosting.com>
Received: from jackjohnson.nethosting.com ([127.0.0.19])
	by jackjohnson.nethosting.com (8.13.6.20060614/8.13.6) with ESMTP id l1KA7WXM006779
	for <root@jackjohnson.nethosting.com>; Tue, 20 Feb 2007 03:07:32 -0700 (MST)
Received: (from root@localhost)
	by jackjohnson.nethosting.com (8.13.6.20060614/8.13.6/Submit) id l1KA7Wh3006730
	for root; Tue, 20 Feb 2007 03:07:32 -0700 (MST)
Date: Tue, 20 Feb 2007 03:07:32 -0700 (MST)
From: Charlie Root <root@jackjohnson.nethosting.com>
Message-Id: <200702201007.l1KA7Wh3006730@jackjohnson.nethosting.com>
To: root@jackjohnson.nethosting.com
Subject: jackjohnson.nethosting.com security run output


Checking setuid files and devices:

jackjohnson.nethosting.com setuid diffs:
--- /var/log/setuid.today	Mon Feb 12 03:07:57 2007
+++ /tmp/security.GAw8o8BN	Tue Feb 20 03:07:31 2007
@@ -1,3 +1,11 @@
+124664343 -r-sr-xr-x  1 man   wheel    33152 Nov  2 12:34:29 2006 /backup/usr/local/bin/jman
+124664368 -rwxr-sr-x  1 root  mail     12784 Nov 17 18:17:16 2005 /backup/usr/local/bin/lockfile
+124664413 -rwxr-sr-x  1 root  mail      7668 Jan  3 09:10:32 2007 /backup/usr/local/bin/muttng_dotlock
+124664700 -rwsr-sr-x  1 root  mail     74140 Nov 17 18:17:16 2005 /backup/usr/local/bin/procmail
+124664757 -rws--x--x  1 root  wheel   949226 Nov 14 15:32:22 2005 /backup/usr/local/bin/sperl5.8.7
+124664766 ---s--x--x  2 root  wheel    93244 Feb 15 16:20:17 2006 /backup/usr/local/bin/sudo
+124664766 ---s--x--x  2 root  wheel    93244 Feb 15 16:20:17 2006 /backup/usr/local/bin/sudoedit
+124956217 -rwx--s--x  1 root  mail     12499 Nov 18 10:34:50 2005 /backup/usr/local/libexec/mlock
 124242811 -r-sr-xr-x  1 root  wheel      18332 Nov  3 01:10:07 2005 /bin/rcp
 124373523 -r-sr-xr-x  1 root  wheel      22528 Nov 18 08:57:07 2005 /sbin/ping
 124373524 -r-sr-xr-x  1 root  wheel      30696 Sep 20 14:15:21 2006 /sbin/ping6
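Review bot: the eight added lines are all setuid or setgid binaries under /backup/usr/local, and nothing in the hunk says why they appeared. Their inode numbers, sizes and timestamps match the /skel/usr/local and /usr/local entries in the later hunks (for example jman at 124664343 and lockfile at 124664368), so they look like the same binaries showing up under a second path. Check this against the /backup device change in the mounted-filesystems diff, and mount /backup with nosuid so that backup copies of sudo, procmail and sperl5.8.7 cannot run with elevated privileges.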
@@ -42,7 +50,7 @@
 124641832 -rwsr-xr-x  1 root  wheel    14993 Aug  1 08:31:47 2006 /skel/usr/local/apache2/bin/suexec
 124664343 -r-sr-xr-x  1 man   wheel    33152 Nov  2 12:34:29 2006 /skel/usr/local/bin/jman
 124664368 -rwxr-sr-x  1 root  mail     12784 Nov 17 18:17:16 2005 /skel/usr/local/bin/lockfile
-124664414 -rwxr-sr-x  1 root  mail      7668 Oct 16 10:10:22 2006 /skel/usr/local/bin/muttng_dotlock
+124664413 -rwxr-sr-x  1 root  mail     7668 Jan  3 09:10:32 2007 /skel/usr/local/bin/muttng_dotlock
 124664700 -rwsr-sr-x  1 root  mail     74140 Nov 17 18:17:16 2005 /skel/usr/local/bin/procmail
 124664757 -rws--x--x  1 root  wheel   949226 Nov 14 15:32:22 2005 /skel/usr/local/bin/sperl5.8.7
 124664766 ---s--x--x  2 root  wheel    93244 Feb 15 16:20:17 2006 /skel/usr/local/bin/sudo
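Review bot: the muttng_dotlock line changes inode (124664414 to 124664413) and modification time (Oct 16 2006 to Jan 3 2007) while the size stays 7668, so this setgid-mail binary was replaced rather than edited in place. The new timestamp is earlier than the Feb 12 baseline, so the mtime alone does not date the replacement. Match it to a package or port update and compare its checksum with the packaged binary before accepting the new baseline. The same change appears for /usr/local/bin/muttng_dotlock in the next hunk.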
@@ -89,7 +97,7 @@
 124641832 -rwsr-xr-x  1 root  wheel   14993 Aug  1 08:31:47 2006 /usr/local/apache2/bin/suexec
 124664343 -r-sr-xr-x  1 man   wheel   33152 Nov  2 12:34:29 2006 /usr/local/bin/jman
 124664368 -rwxr-sr-x  1 root  mail    12784 Nov 17 18:17:16 2005 /usr/local/bin/lockfile
-124664414 -rwxr-sr-x  1 root  mail        7668 Oct 16 10:10:22 2006 /usr/local/bin/muttng_dotlock
+124664413 -rwxr-sr-x  1 root  mail      7668 Jan  3 09:10:32 2007 /usr/local/bin/muttng_dotlock
 124664700 -rwsr-sr-x  1 root  mail       74140 Nov 17 18:17:16 2005 /usr/local/bin/procmail
 124664757 -rws--x--x  1 root  wheel     949226 Nov 14 15:32:22 2005 /usr/local/bin/sperl5.8.7
 124664766 ---s--x--x  2 root  wheel      93244 Feb 15 16:20:17 2006 /usr/local/bin/sudo

jackjohnson.nethosting.com changes in mounted filesystems:
--- /var/log/mount.today	Mon Feb 12 03:07:57 2007
+++ /tmp/security.ifWXXC00	Tue Feb 20 03:07:31 2007
@@ -3,4 +3,4 @@
 devfs	/dev	devfs rw	0 0
 procfs	/proc	procfs rw	0 0
 /dev/aacd0s1d	/ports	ufs ro	0 0
-/dev/aacd0s1a	/backup	ufs ro	0 0
+/dev/aacd1s1e	/backup	ufs ro	0 0
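Review bot: /backup moves from /dev/aacd0s1a to /dev/aacd1s1e, a different device (aacd1 instead of aacd0, partition e instead of a), with the options unchanged at ro. Confirm the swap was a planned change, and add nosuid to the options, since the setuid diff above now reports setuid and setgid binaries under /backup.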

Checking for uids of 0:
root 0
toor 0

Checking for passwordless accounts:

jackjohnson.nethosting.com login failures:
Feb 19 04:20:37 jackjohnson sshd[8675]: reverse mapping checking getaddrinfo for ev1s-207-44-164-38.ev1servers.net [207.44.164.38] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 19 04:20:37 jackjohnson sshd[8675]: Failed password for root from 207.44.164.38 port 51979 ssh2
Feb 19 04:20:38 jackjohnson sshd[8725]: reverse mapping checking getaddrinfo for ev1s-207-44-164-38.ev1servers.net [207.44.164.38] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 19 04:20:38 jackjohnson sshd[8725]: Failed password for root from 207.44.164.38 port 52089 ssh2
Feb 19 04:20:39 jackjohnson sshd[8764]: reverse mapping checking getaddrinfo for ev1s-207-44-164-38.ev1servers.net [207.44.164.38] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 19 04:20:39 jackjohnson sshd[8764]: Failed password for root from 207.44.164.38 port 52197 ssh2
Feb 19 04:20:40 jackjohnson sshd[8799]: reverse mapping checking getaddrinfo for ev1s-207-44-164-38.ev1servers.net [207.44.164.38] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 19 04:20:40 jackjohnson sshd[8799]: Failed password for root from 207.44.164.38 port 52295 ssh2
Feb 19 05:02:00 jackjohnson sshd[11930]: reverse mapping checking getaddrinfo for ev1s-207-44-164-38.ev1servers.net [207.44.164.38] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 19 05:02:00 jackjohnson sshd[11930]: Failed password for mysql from 207.44.164.38 port 60044 ssh2
Feb 19 05:02:00 jackjohnson sshd[11967]: reverse mapping checking getaddrinfo for ev1s-207-44-164-38.ev1servers.net [207.44.164.38] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 19 05:02:00 jackjohnson sshd[11967]: Failed password for mysql from 207.44.164.38 port 60116 ssh2
Feb 19 05:02:02 jackjohnson sshd[12007]: reverse mapping checking getaddrinfo for ev1s-207-44-164-38.ev1servers.net [207.44.164.38] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 19 05:02:02 jackjohnson sshd[12007]: Failed password for mysql from 207.44.164.38 port 60189 ssh2
Feb 19 05:02:03 jackjohnson sshd[12051]: reverse mapping checking getaddrinfo for ev1s-207-44-164-38.ev1servers.net [207.44.164.38] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 19 05:02:03 jackjohnson sshd[12051]: Failed password for mysql from 207.44.164.38 port 60329 ssh2
Feb 19 05:02:04 jackjohnson sshd[12085]: reverse mapping checking getaddrinfo for ev1s-207-44-164-38.ev1servers.net [207.44.164.38] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 19 05:02:04 jackjohnson sshd[12085]: Failed password for mysql from 207.44.164.38 port 60433 ssh2
Feb 19 07:30:48 jackjohnson sshd[21572]: reverse mapping checking getaddrinfo for ev1s-207-44-164-38.ev1servers.net [207.44.164.38] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 19 07:30:48 jackjohnson sshd[21572]: Failed password for mysql from 207.44.164.38 port 55955 ssh2
Feb 19 07:30:50 jackjohnson sshd[21616]: reverse mapping checking getaddrinfo for ev1s-207-44-164-38.ev1servers.net [207.44.164.38] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 19 07:30:50 jackjohnson sshd[21616]: Failed password for mysql from 207.44.164.38 port 56032 ssh2
Feb 19 07:30:51 jackjohnson sshd[21672]: reverse mapping checking getaddrinfo for ev1s-207-44-164-38.ev1servers.net [207.44.164.38] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 19 07:30:51 jackjohnson sshd[21672]: Failed password for mysql from 207.44.164.38 port 56182 ssh2
Feb 19 09:17:01 jackjohnson sshd[36247]: reverse mapping checking getaddrinfo for ev1s-207-44-164-38.ev1servers.net [207.44.164.38] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 19 09:17:01 jackjohnson sshd[36247]: Failed password for invalid user ken from 207.44.164.38 port 33425 ssh2
Feb 19 09:17:03 jackjohnson sshd[36305]: reverse mapping checking getaddrinfo for ev1s-207-44-164-38.ev1servers.net [207.44.164.38] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 19 09:17:03 jackjohnson sshd[36305]: Failed password for invalid user ken from 207.44.164.38 port 33576 ssh2
Feb 19 09:17:04 jackjohnson sshd[36358]: reverse mapping checking getaddrinfo for ev1s-207-44-164-38.ev1servers.net [207.44.164.38] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 19 09:17:04 jackjohnson sshd[36358]: Failed password for invalid user ken from 207.44.164.38 port 33706 ssh2
Feb 19 09:17:05 jackjohnson sshd[36400]: reverse mapping checking getaddrinfo for ev1s-207-44-164-38.ev1servers.net [207.44.164.38] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 19 09:17:05 jackjohnson sshd[36400]: Failed password for invalid user ken from 207.44.164.38 port 33868 ssh2
Feb 19 09:17:06 jackjohnson sshd[36425]: reverse mapping checking getaddrinfo for ev1s-207-44-164-38.ev1servers.net [207.44.164.38] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 19 09:17:06 jackjohnson sshd[36425]: Failed password for invalid user ken from 207.44.164.38 port 33949 ssh2
Feb 19 10:50:55 jackjohnson sshd[52766]: Failed password for invalid user staff from 193.243.146.209 port 20814 ssh2
Feb 19 10:50:58 jackjohnson sshd[52802]: Failed password for invalid user sales from 193.243.146.209 port 21142 ssh2
Feb 19 10:51:00 jackjohnson sshd[52838]: Failed password for invalid user recruit from 193.243.146.209 port 21806 ssh2
Feb 19 10:51:02 jackjohnson sshd[52874]: Failed password for invalid user alias from 193.243.146.209 port 22158 ssh2
Feb 19 10:51:05 jackjohnson sshd[52912]: Failed password for invalid user office from 193.243.146.209 port 22805 ssh2

jackjohnson.nethosting.com refused connections:

-- End of security output --

