user tracking
Mark Peoples
gascsd@gascairlines.com
Mon, 25 Sep 2000 20:26:15 -0700
I saw it. <g>
-----Original Message-----
From: plug-discuss-admin@lists.PLUG.phoenix.az.us
[mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us]On Behalf Of Craig
White
Sent: Monday, September 25, 2000 8:13 PM
To: plug-discuss@lists.PLUG.phoenix.az.us
Subject: RE: user tracking
Actually, I'm quite afraid that wu-ftpd 2.6 is also compromised...didn't I
see a notice a few weeks back?
Craig
> -----Original Message-----
> From: plug-discuss-admin@lists.plug.phoenix.az.us
> [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of Don
> Harrop
> Sent: Monday, September 25, 2000 1:24 PM
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: user tracking
>
>
> Thanks for the responses. I never know about the command "last". Very
> cool. I've already found out most of what I needed. It was some guy over
> in Russia. Those punks! :-) He left some cool utilz on the hard drive
> for me though. A login replacement that logs all usernames and passwords
> and a in.ftpd replacement. That's how he got in in the first place. I
> was running wu-ftpd 2.5.x... I already know there's tons of documented
> exploits with that verison. I've just upgraded to wu-ftpd 2.6 so that
> should slow 'em down a little bit.
>
> Don
>
> On 26 Sep 2000, Bill Warner wrote:
>
> > This information is located in the /etc/shadow file. it is refrenced
> > in the standard unix time thing (seconds sense jan 1 1970) check
> > man shadow for more details
> >
> > Bill Warner
> >
> > > Hey guys.
> > > At login I get a printout of when the last login occured. Where
> > > is that info stored? I want to check out a user on the system but
> > > don't want to log in as them. One of the machines I work with had the
> > > root account compromised. It's just running a few mushes so
> it's not that
> > > big of deal but I don't want it happening again. I went
> through it with a
> > > fine tooth comb and wouldn't mind it if any of you guys tried
> to whack at
> > > it... Lemme know what you find. The IP is 205.216.140.17
> > >
> > > Don
> > >
> > >
> > > ________________________________________________
> > > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your
> mail doesn't post to the list quickly and you use Netscape to write mail.
> > >
> > > Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
> > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> > >
> >
> >
> >
> >
>
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail
> doesn't post to the list quickly and you use Netscape to write mail.
>
> Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
________________________________________________
See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post
to the list quickly and you use Netscape to write mail.
Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss