user tracking

Mark Peoples gascsd@gascairlines.com
Mon, 25 Sep 2000 20:26:15 -0700


I saw it.  <g>

-----Original Message-----
From: plug-discuss-admin@lists.PLUG.phoenix.az.us
[mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us]On Behalf Of Craig
White
Sent: Monday, September 25, 2000 8:13 PM
To: plug-discuss@lists.PLUG.phoenix.az.us
Subject: RE: user tracking


Actually, I'm quite afraid that wu-ftpd 2.6 is also compromised...didn't I
see a notice a few weeks back?

Craig

> -----Original Message-----
> From: plug-discuss-admin@lists.plug.phoenix.az.us
> [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of Don
> Harrop
> Sent: Monday, September 25, 2000 1:24 PM
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: user tracking
>
>
> Thanks for the responses.  I never know about the command "last".  Very
> cool.  I've already found out most of what I needed.  It was some guy over
> in Russia.  Those punks!  :-)  He left some cool utilz on the hard drive
> for me though.  A login replacement that logs all usernames and passwords
> and a in.ftpd replacement.  That's how he got in in the first place.  I
> was running wu-ftpd 2.5.x... I already know there's tons of documented
> exploits with that verison.  I've just upgraded to wu-ftpd 2.6 so that
> should slow 'em down a little bit.
>
> Don
>
> On 26 Sep 2000, Bill Warner wrote:
>
> > This information is located in the /etc/shadow file.  it is refrenced
> > in the standard unix time thing (seconds sense jan 1 1970) check
> > man shadow for more details
> >
> > Bill Warner
> >
> > > Hey guys.
> > >       At login I get a printout of when the last login occured.  Where
> > > is that info stored?  I want to check out a user on the system but
> > > don't want to log in as them.  One of the machines I work with had the
> > > root account compromised.  It's just running a few mushes so
> it's not that
> > > big of deal but I don't want it happening again.  I went
> through it with a
> > > fine tooth comb and wouldn't mind it if any of you guys tried
> to whack at
> > > it...  Lemme know what you find.  The IP is 205.216.140.17
> > >
> > > Don
> > >
> > >
> > > ________________________________________________
> > > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your
> mail doesn't post to the list quickly and you use Netscape to write mail.
> > >
> > > Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> > >
> >
> >
> >
> >
>
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail
> doesn't post to the list quickly and you use Netscape to write mail.
>
> Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


________________________________________________
See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post
to the list quickly and you use Netscape to write mail.

Plug-discuss mailing list  -  Plug-discuss@lists.PLUG.phoenix.az.us
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss