Article 7184 at 06/09/22 03:31:22 From: howie (at mark) howie.co.uk Subject: [coba-e:07184] Re: psybnc (IRC Bouncer)

Index: [Article Count Order] [Thread]

Date:  Fri, 22 Sep 2006 08:31:13 +0100
From:  "Howie Dines" <howie (at mark) howie.co.uk>
Subject:  [coba-e:07184] Re: psybnc (IRC Bouncer)
To:  coba-e (at mark) bluequartz.org
Message-Id:  <20060922072246.M10755 (at mark) howie.co.uk>
In-Reply-To:  <00ab01c6de11$ccb06380$6400a8c0@YOUR4105E587B6>
References:  <001001c6de06$1fb54020$3200a8c0@howies> <00ab01c6de11$ccb06380$6400a8c0@YOUR4105E587B6>
X-Mail-Count: 07184

On Fri, 22 Sep 2006 02:39:04 -0400, Darrell D. Mobley wrote
> Did you determine how he got in?

Through the front door unfortunately, logged in as admin.

I'll crawl through the logs when I get in tonight. I'll also be looking at the image of 
the drive from 1.5 weeks ago as I had a complete system crash and had to reload totally.

This time it just looks like he has loaded the IRC code. On the system that crashed I 
guess he was hiding his tracks fllowing a brute force style hack.

Oh well I was able to boot on a live CD and copy most things before reloading. So I may 
have a chance to track him down.

Best Regards,
Howie.