Some Assclown tried to hack my Linux box.

LinuxRacr

Some Asshat tried to hack my Linux box.

Yesterday morning I was combing thru the logs, and it looks like someone tried using a script to exploit some of my system logins. Luckily my security held up, and they couldn't get in. They tried for like 3 days it looks like, and they gave up...for now. This is very different from back in 2000 when I got hacked, and my system files were destroyed in an attempt to cover tracks. I came home and saw my DSL router blinking. I was like :wtf: . I logged in, and saw that commands had been executed as root...commands that I didn't do. :mad: The asshole was still on my system. He apparently had exploited some type of ftp weakness, because it showed the other user on the system was "ftpuser." After this incident, I became more security aware. Anyone else ever been hacked?
 
I hacked through some weeds once...I dunno..I've prolly been hacked...but I really don't care. Hopefully you don't get hacked again though, cause I'm sure that if you care, it sucks.
 
I have tons of attempts caught in my snort log, but I've never been actually hacked. When I was a kid and ran Windows I ran Norton, and now I patch any new vulns every few days and have a robust firewall.

I should note that the snort log is full of exploit attempts by zombies mainly. The worst I have actually had was a malicious DoS attack that took out that piece of s*** Linksys firewall a few years ago.
 
Yep, last year there was someone who would try every morning and then night time for almost a month. It happened at about the same time exactly, so it was probably just a script with our IP on it trying to get in.

Kept trying to get my ISP to change the static IP but they never would nor understood what I was talking about.
 
I know someone whose Linux machine got hacked freshman year and his computer was used for the DOS Attack on Ebay. The FBI came in and took all his s*** and told him to setup a firewall.

And personally I've watched as people were in the process of hacking my computer. I got their IP address and ran an exploit on them and took them offline before they got too far. :) It was fun.
 
It's funny how most of these so-called "l337 h@x0rs" couldn't hack their way into a girl's panties in real life.
 
I use SSH tunnels when I log into that box remotely. You have to use ssh to login. And not SSH1 either. When I VNC there, I use tunnels. FTP, TELNET, and all that good stuff is shut down. You cannot login as root either. That motherfucker tried though:

Dec 28 19:04:02 shadow sshd2[624]: connection from "63.105.205.116"
Dec 28 19:04:02 shadow sshd2[9998]: DNS lookup failed for "63.105.205.116".
Dec 28 19:04:04 shadow sshd2[9998]: Wrong password given for user 'lp'.
Dec 28 19:04:05 shadow sshd2[624]: connection from "63.105.205.116"
Dec 28 19:04:05 shadow sshd2[9999]: DNS lookup failed for "63.105.205.116".
Dec 28 19:04:07 shadow sshd2[9999]: FATAL ERROR: sshunixuser.c:1718 SshUnixUser ssh_user_get_groups Precondition failed: uc
Dec 28 19:04:07 shadow sshd2[624]: connection from "63.105.205.116"
Dec 28 19:04:08 shadow sshd2[10000]: DNS lookup failed for "63.105.205.116".
Dec 28 19:04:09 shadow sshd2[10000]: FATAL ERROR: sshunixuser.c:1718 SshUnixUser ssh_user_get_groups Precondition failed: uc
Dec 28 19:04:10 shadow sshd2[624]: connection from "63.105.205.116"
Dec 28 19:04:10 shadow sshd2[10001]: DNS lookup failed for "63.105.205.116".
Dec 28 19:04:12 shadow sshd2[10001]: Wrong password given for user 'mail'.
Dec 28 19:04:12 shadow sshd2[624]: connection from "63.105.205.116"
Dec 28 19:04:12 shadow sshd2[10002]: DNS lookup failed for "63.105.205.116".
Dec 28 19:04:14 shadow sshd2[10002]: FATAL ERROR: sshunixuser.c:1718 SshUnixUser ssh_user_get_groups Precondition failed: uc
Dec 28 19:04:14 shadow sshd2[624]: connection from "63.105.205.116"
Dec 28 19:04:15 shadow sshd2[10003]: DNS lookup failed for "63.105.205.116".
Dec 28 19:04:16 shadow sshd2[10003]: FATAL ERROR: sshunixuser.c:1718 SshUnixUser ssh_user_get_groups Precondition failed: uc
Dec 28 19:04:17 shadow sshd2[624]: connection from "63.105.205.116"
Dec 28 19:04:17 shadow sshd2[10004]: DNS lookup failed for "63.105.205.116".
Dec 28 19:04:19 shadow sshd2[10004]: Wrong password given for user 'operator'.
Dec 28 19:04:19 shadow sshd2[624]: connection from "63.105.205.116"
Dec 28 19:04:19 shadow sshd2[10005]: DNS lookup failed for "63.105.205.116".
Dec 28 19:04:21 shadow sshd2[10005]: FATAL ERROR: sshunixuser.c:1718 SshUnixUser


Then later:

Dec 28 21:37:17 shadow sshd2[624]: connection from "210.100.255.3"
Dec 28 21:37:17 shadow sshd2[10201]: DNS lookup failed for "210.100.255.3".
Dec 28 21:37:19 shadow sshd2[10201]: root login denied for user 'root'.
Dec 28 21:37:20 shadow sshd2[624]: connection from "210.100.255.3"
Dec 28 21:37:20 shadow sshd2[10202]: DNS lookup failed for "210.100.255.3".
Dec 28 21:37:22 shadow sshd2[10202]: root login denied for user 'root'.
Dec 28 21:37:23 shadow sshd2[624]: connection from "210.100.255.3"
Dec 28 21:37:23 shadow sshd2[10203]: DNS lookup failed for "210.100.255.3".
Dec 28 21:37:26 shadow sshd2[10203]: root login denied for user 'root'.
Dec 28 21:37:26 shadow sshd2[624]: connection from "210.100.255.3"
Dec 28 21:37:27 shadow sshd2[10204]: DNS lookup failed for "210.100.255.3".
Dec 28 21:37:29 shadow sshd2[10204]: root login denied for user 'root'.
Dec 28 21:37:30 shadow sshd2[624]: connection from "210.100.255.3"
Dec 28 21:37:30 shadow sshd2[10205]: DNS lookup failed for "210.100.255.3".
Dec 28 21:37:32 shadow sshd2[10205]: root login denied for user 'root'.
Dec 28 21:37:33 shadow sshd2[624]: connection from "210.100.255.3"
Dec 28 21:37:33 shadow sshd2[10206]: DNS lookup failed for "210.100.255.3".

Then this hundreds of times....


Dec 28 21:38:35 shadow sshd2[624]: connection from "210.100.255.3"
Dec 28 21:38:36 shadow sshd2[10224]: DNS lookup failed for "210.100.255.3".
Dec 28 21:38:38 shadow sshd2[10224]: Wrong password given for user 'adm'.
Dec 28 21:38:39 shadow sshd2[624]: connection from "210.100.255.3"
Dec 28 21:38:39 shadow sshd2[10225]: DNS lookup failed for "210.100.255.3".
Dec 28 21:38:42 shadow sshd2[10225]: root login denied for user 'root'.
Dec 28 21:38:42 shadow sshd2[624]: connection from "210.100.255.3"
Dec 28 21:38:43 shadow sshd2[10226]: DNS lookup failed for "210.100.255.3".
Dec 28 21:38:45 shadow sshd2[10226]: root login denied for user 'root'.
Dec 28 21:38:46 shadow sshd2[624]: connection from "210.100.255.3"
Dec 28 21:38:46 shadow sshd2[10227]: DNS lookup failed for "210.100.255.3".
Dec 28 21:38:50 shadow sshd2[10227]: root login denied for user 'root'.
Dec 28 21:38:50 shadow sshd2[624]: connection from "210.100.255.3"
Dec 28 21:38:51 shadow sshd2[10228]: DNS lookup failed for "210.100.255.3".
Dec 28 21:38:54 shadow sshd2[10228]: FATAL ERROR: sshunixuser.c:1718 SshUnixUser ssh_user_get_groups Precondition failed: uc
Dec 28 21:38:54 shadow sshd2[624]: connection from "210.100.255.3"
Dec 28 21:38:55 shadow sshd2[10229]: DNS lookup failed for "210.100.255.3".
Dec 28 21:38:57 shadow sshd2[10229]: FATAL ERROR: sshunixuser.c:1718 SshUnixUser ssh_user_get_groups Precondition failed: uc
Dec 28 21:38:58 shadow sshd2[624]: connection from "210.100.255.3"
Dec 28 21:38:58 shadow sshd2[10230]: DNS lookup failed for "210.100.255.3".
Dec 28 21:39:01 shadow sshd2[10230]: root login denied for user 'root'.
Dec 28 21:39:02 shadow sshd2[624]: connection from "210.100.255.3"
Dec 28 21:39:02 shadow sshd2[10231]: DNS lookup failed for "210.100.255.3".
Dec 28 21:39:06 shadow sshd2[10231]: root login denied for user 'root'.
Dec 28 21:39:06 shadow sshd2[624]: connection from "210.100.255.3"
Dec 28 21:39:07 shadow sshd2[10232]: DNS lookup failed for "210.100.255.3".
Dec 28 21:39:10 shadow sshd2[10232]: root login denied for user 'root'.
Dec 28 21:39:11 shadow sshd2[624]: connection from "210.100.255.3"
Dec 28 21:39:12 shadow sshd2[10233]: DNS lookup failed for "210.100.255.3".
Dec 28 21:39:15 shadow sshd2[10233]: root login denied for user 'root'.
Dec 28 21:39:16 shadow sshd2[624]: connection from "210.100.255.3"
Dec 28 21:39:17 shadow sshd2[10234]: DNS lookup failed for "210.100.255.3".
Dec 28 21:39:20 shadow sshd2[10234]: root login denied for user 'root'.
Dec 28 21:39:20 shadow sshd2[624]: connection from "210.100.255.3"
Dec 28 21:39:21 shadow sshd2[10235]: DNS lookup failed for "210.100.255.3".
Dec 28 21:39:25 shadow sshd2[10235]: FATAL ERROR: sshunixuser.c:1718 SshUnixUser ssh_user_get_groups Precondition failed: uc

This s*** went on for a couple of days. Then yesterday I see this:

Dec 31 09:20:31 shadow sshd2[622]: connection from "211.239.158.107"
Dec 31 09:20:31 shadow sshd2[2413]: DNS lookup failed for "211.239.158.107".
Dec 31 09:20:32 shadow sshd2[2190]: LoginGraceTime exceeded.
Dec 31 09:20:33 shadow sshd2[2413]: root login denied for user 'root'.
Dec 31 09:20:33 shadow sshd2[622]: connection from "211.239.158.107"
Dec 31 09:20:34 shadow sshd2[2414]: DNS lookup failed for "211.239.158.107".
Dec 31 09:20:35 shadow sshd2[2191]: LoginGraceTime exceeded.
Dec 31 09:20:35 shadow sshd2[2414]: root login denied for user 'root'.
Dec 31 09:20:36 shadow sshd2[622]: connection from "211.239.158.107"
Dec 31 09:20:36 shadow sshd2[2415]: DNS lookup failed for "211.239.158.107".
Dec 31 09:20:38 shadow sshd2[2415]: root login denied for user 'root'.
Dec 31 09:20:39 shadow sshd2[2192]: LoginGraceTime exceeded.
Dec 31 09:20:39 shadow sshd2[622]: connection from "211.239.158.107"
Dec 31 09:20:39 shadow sshd2[2416]: DNS lookup failed for "211.239.158.107".
Dec 31 09:20:41 shadow sshd2[2193]: LoginGraceTime exceeded.
Dec 31 09:20:41 shadow sshd2[2416]: root login denied for user 'root'.
Dec 31 09:20:42 shadow sshd2[622]: connection from "211.239.158.107"
Dec 31 09:20:44 shadow sshd2[2194]: LoginGraceTime exceeded.
Dec 31 09:20:46 shadow sshd2[2195]: LoginGraceTime exceeded.
Dec 31 09:20:49 shadow sshd2[2196]: LoginGraceTime exceeded.
Dec 31 09:20:52 shadow sshd2[2417]: DNS lookup failed for "211.239.158.107".
Dec 31 09:20:52 shadow sshd2[2417]: Local disconnected: Connection closed by remote host.
Dec 31 09:20:52 shadow sshd2[2417]: connection lost: 'Connection closed by remote host.'
Dec 31 09:20:52 shadow sshd2[2197]: LoginGraceTime exceeded.
Dec 31 09:20:55 shadow sshd2[2198]: LoginGraceTime exceeded.
Dec 31 09:20:59 shadow sshd2[2199]: LoginGraceTime exceeded.
Dec 31 09:21:03 shadow sshd2[2200]: LoginGraceTime exceeded.
Dec 31 09:21:06 shadow sshd2[2201]: LoginGraceTime exceeded.
Dec 31 09:21:09 shadow sshd2[2202]: LoginGraceTime exceeded.
Dec 31 09:21:13 shadow sshd2[2203]: LoginGraceTime exceeded.
Dec 31 09:21:16 shadow sshd2[2204]: LoginGraceTime exceeded.
Dec 31 09:21:20 shadow sshd2[2205]: LoginGraceTime exceeded.
Dec 31 09:21:23 shadow sshd2[2206]: LoginGraceTime exceeded.
Dec 31 09:21:26 shadow sshd2[2207]: LoginGraceTime exceeded.
Dec 31 09:21:30 shadow sshd2[2208]: LoginGraceTime exceeded.
Dec 31 09:21:33 shadow sshd2[2209]: LoginGraceTime exceeded.
Dec 31 09:21:36 shadow sshd2[2210]: LoginGraceTime exceeded.
Dec 31 09:21:39 shadow sshd2[2211]: LoginGraceTime exceeded.
Dec 31 09:21:43 shadow sshd2[2212]: LoginGraceTime exceeded.
Dec 31 09:21:47 shadow sshd2[2213]: LoginGraceTime exceeded.
Dec 31 09:21:50 shadow sshd2[2214]: LoginGraceTime exceeded.
Dec 31 09:21:53 shadow sshd2[2215]: LoginGraceTime exceeded.
Dec 31 09:21:58 shadow sshd2[2216]: LoginGraceTime exceeded.
Dec 31 09:22:01 shadow sshd2[2217]: LoginGraceTime exceeded.
Dec 31 09:22:05 shadow sshd2[2218]: LoginGraceTime exceeded.
Dec 31 09:22:08 shadow sshd2[2219]: LoginGraceTime exceeded.
Dec 31 09:22:12 shadow sshd2[2220]: LoginGraceTime exceeded.
Dec 31 09:22:15 shadow sshd2[2221]: LoginGraceTime exceeded.

Of course the firewall is doing its thing, and DENYing packets.
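A way to turn log excerpts like the ones above into per-source counts, given here as an added example that is not part of the original post. It assumes the sshd2 line format quoted in the thread, where only the "connection from" and "DNS lookup failed" lines carry the address, so each child PID has to be tied back to a source; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the sshd2 syslog format quoted in the thread;
# the addresses are documentation-range placeholders, not the posted ones.
SAMPLE_LOG = """\
Dec 28 19:04:02 shadow sshd2[624]: connection from "192.0.2.10"
Dec 28 19:04:02 shadow sshd2[9998]: DNS lookup failed for "192.0.2.10".
Dec 28 19:04:04 shadow sshd2[9998]: Wrong password given for user 'lp'.
Dec 28 19:04:05 shadow sshd2[624]: connection from "192.0.2.10"
Dec 28 19:04:05 shadow sshd2[9999]: DNS lookup failed for "192.0.2.10".
Dec 28 19:04:07 shadow sshd2[9999]: root login denied for user 'root'.
Jan 1 18:14:42 shadow sshd2[613]: connection from "198.51.100.7"
Jan 1 18:14:45 shadow sshd2[1572]: FATAL ERROR: sshunixuser.c:1718 SshUnixUser ssh_user_get_groups Precondition failed: uc
Jan 1 18:17:18 shadow sshd2[1470]: LoginGraceTime exceeded.
"""

LINE_RE = re.compile(r'^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+sshd2\[(\d+)\]:\s+(.*)$')
IP_RE = re.compile(r'"(\d{1,3}(?:\.\d{1,3}){3})"')
USER_RE = re.compile(r"for user '([^']*)'")
OUTCOMES = {"Wrong password given": "wrong_password", "root login denied": "root_denied",
            "FATAL ERROR": "fatal_error", "LoginGraceTime exceeded": "grace_timeout"}
FAILURES = ("wrong_password", "root_denied", "fatal_error")

def summarize(log_text):
    """Return ({source: Counter of events}, {source: usernames tried})."""
    pid_ip, pending = {}, None   # child pid -> address; last unclaimed connection
    stats, users = defaultdict(Counter), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue             # e.g. kernel packet-log lines
        pid, msg = m.groups()
        ip = IP_RE.search(msg)
        if ip and msg.startswith("connection from"):
            pending = ip.group(1)
            stats[pending]["connections"] += 1
            continue
        if ip and msg.startswith("DNS lookup failed"):
            pid_ip[pid] = ip.group(1)          # explicit pid-to-address binding
            pending = None if pending == ip.group(1) else pending
            continue
        kind = next((k for text, k in OUTCOMES.items() if msg.startswith(text)), None)
        if kind is None:
            continue
        # Heuristic (assumption): a new child with no DNS line belongs to the latest
        # connection. Grace timeouts come from older children, so they never claim it.
        if pid not in pid_ip and pending and kind != "grace_timeout":
            pid_ip[pid], pending = pending, None
        src = pid_ip.get(pid, "unknown")
        stats[src][kind] += 1
        user = USER_RE.search(msg)
        if user:
            users[src].add(user.group(1))
    return stats, users

def noisy_sources(stats, min_failures=2):
    # Sources with at least min_failures rejected logins, sorted for stable output.
    return sorted(s for s, c in stats.items()
                  if sum(c[k] for k in FAILURES) >= min_failures)

if __name__ == "__main__":
    stats, users = summarize(SAMPLE_LOG)
    for src in noisy_sources(stats):
        print(src, dict(stats[src]), sorted(users[src]))
```

Timeouts that cannot be tied to a connection are counted under "unknown" rather than guessed at, which keeps the per-address totals conservative.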
 
Looks like this asshole is at it again. I got some fresh log entries from about an hour ago with the following:

Jan 1 18:14:42 shadow sshd2[613]: connection from "210.64.157.47"
Jan 1 18:14:45 shadow sshd2[1572]: FATAL ERROR: sshunixuser.c:1718 SshUnixUser ssh_user_get_groups Precondition failed: uc
Jan 1 18:14:47 shadow sshd2[613]: connection from "210.64.157.47"
Jan 1 18:14:50 shadow sshd2[1573]: FATAL ERROR: sshunixuser.c:1718 SshUnixUser ssh_user_get_groups Precondition failed: uc
Jan 1 18:14:51 shadow sshd2[613]: connection from "210.64.157.47"
Jan 1 18:14:55 shadow sshd2[1574]: FATAL ERROR: sshunixuser.c:1718 SshUnixUser ssh_user_get_groups Precondition failed: uc
Jan 1 18:14:56 shadow sshd2[613]: connection from "210.64.157.47"
Jan 1 18:14:59 shadow sshd2[1575]: FATAL ERROR: sshunixuser.c:1718 SshUnixUser ssh_user_get_groups Precondition failed: uc
Jan 1 18:15:01 shadow sshd2[613]: connection from "210.64.157.47"
Jan 1 18:15:04 shadow sshd2[1579]: root login denied for user 'root'.
Jan 1 18:15:05 shadow sshd2[613]: connection from "210.64.157.47"
Jan 1 18:15:10 shadow sshd2[1580]: root login denied for user 'root'.
Jan 1 18:15:12 shadow sshd2[613]: connection from "210.64.157.47"
Jan 1 18:15:15 shadow sshd2[1581]: root login denied for user 'root'.
Jan 1 18:15:16 shadow sshd2[613]: connection from "210.64.157.47"
Jan 1 18:15:20 shadow sshd2[1582]: root login denied for user 'root'.
Jan 1 18:15:21 shadow sshd2[613]: connection from "210.64.157.47"
Jan 1 18:15:25 shadow sshd2[1583]: root login denied for user 'root'.
Jan 1 18:15:26 shadow sshd2[613]: connection from "210.64.157.47"
Jan 1 18:15:30 shadow sshd2[1584]: FATAL ERROR: sshunixuser.c:1718 SshUnixUser ssh_user_get_groups Precondition failed: uc

Jan 1 18:17:18 shadow sshd2[1470]: LoginGraceTime exceeded.
Jan 1 18:17:30 shadow sshd2[1473]: LoginGraceTime exceeded.
Jan 1 18:17:33 shadow sshd2[1474]: LoginGraceTime exceeded.
Jan 1 18:17:37 shadow sshd2[1475]: LoginGraceTime exceeded.
Jan 1 18:17:40 shadow sshd2[1476]: LoginGraceTime exceeded.
Jan 1 18:17:44 shadow sshd2[1477]: LoginGraceTime exceeded.
Jan 1 18:17:59 shadow kernel: Packet log: input DENY eth1 PROTO=6 62.241.71.30:5387 *omitted* :21 L=52 S=0x00 I=12546 F=0x4000 T=45 SYN (#40)

Jan 1 18:18:33 shadow sshd2[1491]: LoginGraceTime exceeded.
Jan 1 18:18:37 shadow sshd2[1492]: LoginGraceTime exceeded.
Jan 1 18:18:50 shadow sshd2[1496]: LoginGraceTime exceeded.
Jan 1 18:18:54 shadow sshd2[1497]: LoginGraceTime exceeded.
Jan 1 18:18:57 shadow sshd2[1498]: LoginGraceTime exceeded.
Jan 1 18:19:00 shadow sshd2[1499]: LoginGraceTime exceeded.
Jan 1 18:19:11 shadow sshd2[1502]: LoginGraceTime exceeded.
Jan 1 18:19:14 shadow sshd2[1503]: LoginGraceTime exceeded.
Jan 1 18:19:18 shadow sshd2[1504]: LoginGraceTime exceeded.
Jan 1 18:19:21 shadow sshd2[1505]: LoginGraceTime exceeded.
Jan 1 18:19:24 shadow sshd2[1506]: LoginGraceTime exceeded.
Jan 1 18:19:32 shadow sshd2[1508]: LoginGraceTime exceeded.
Jan 1 18:19:35 shadow sshd2[1509]: LoginGraceTime exceeded.
Jan 1 18:19:39 shadow sshd2[1510]: LoginGraceTime exceeded.
Jan 1 18:19:42 shadow sshd2[1511]: LoginGraceTime exceeded.
Jan 1 18:19:45 shadow sshd2[1512]: LoginGraceTime exceeded.
Jan 1 18:19:51 shadow sshd2[1513]: LoginGraceTime exceeded.

This guy just doesn't quit. Time to own him.
 
The traceroute:
[root]# traceroute 210.64.157.47
traceroute to 210.64.157.47 (210.64.157.47), 30 hops max, 38 byte packets
1 * * *
2 12.244.113.113 (12.244.113.113) 9.483 ms 13.787 ms 11.724 ms
3 12.244.69.1 (12.244.69.1) 9.235 ms 9.993 ms 9.471 ms
4 12.244.73.18 (12.244.73.18) 17.126 ms 9.678 ms 9.278 ms
5 gbr6-p80.dlstx.ip.att.net (12.123.17.30) 9.610 ms 8.448 ms 9.633 ms
6 tbr2-p013701.dlstx.ip.att.net (12.122.12.89) 12.087 ms 12.512 ms 31.481 ms
7 tbr2-cl6.sl9mo.ip.att.net (12.122.10.89) 24.265 ms 27.392 ms 26.785 ms
8 tbr2-cl7.cgcil.ip.att.net (12.122.10.45) 30.918 ms 33.734 ms 30.404 ms
9 ggr2-p390.cgcil.ip.att.net (12.123.6.37) 30.068 ms 31.244 ms 34.610 ms
10 att-gw.chi.gblx.net (192.205.32.126) 33.304 ms 31.967 ms 29.404 ms
11 so6-0-0-2488M.ar2.PAO2.gblx.net (67.17.67.246) 79.292 ms 78.442 ms 79.120 ms
12 Chungwa-Telecom-Co-Chunghwa-IP-4.ge-1-1-0.402.ar2.PAO2.gblx.net (208.48.33.122) 81.056 ms 80.093 ms 79.541 ms
13 R58-17.seed.net.tw (139.175.58.17) 232.764 ms 231.610 ms 235.560 ms
14 R58-1.seed.net.tw (139.175.58.1) 233.893 ms 232.025 ms 230.603 ms
15 sj235-101.dialup.seed.net.tw (139.175.235.101) 233.011 ms 231.575 ms 232.438 ms
16 210-64-157-47.adsl.dynamic.seed.net.tw (210.64.157.47) 282.364 ms 273.817 ms 284.837 ms
[root]#
 
lofl ...totally owned...looks like a newb to me..you should direct him to this thread somehow..make the login script say "Hey, Asshat....I put your stupidity on the internet for millions to see..Doh~"
 
Had a box get worked on last week. Was a buffer related exploit (as usual). Was my fault for not updating in a few weeks and leaving access to port 80 open to the WAN on a webserver that had no business being accessible to anyone outside our network.

Live and learn. I don't use ftp anymore for anything. SFTP is standard on just about everything I use.
 
LOL! I found a nice page for anyone who may be wanting to understand some basic security measures for Linux:

http://docs.linux.com/documentation/04/04/15/1923224.shtml?tid=2&tid=14

Most of the stuff on there, I have already done years ago. There is a book out there that has some good info that I own called:

Here is the 2nd edition:

Hit it up https://www.amazon.com/dp/ for more info. They have these books used, and CHEAP!!
 
One basic thing to do that will help out against basic DoS attacks is the following:

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

What this does is make it so your server does not answer pings. To get your server to answer pings again, echo 0 instead of 1.

One thing I noticed tonight is that my Login Grace Time was set too high in the sshd2_config file, so I changed that to a MUCH lower value.
 
I think he's using that box to use it for other dirty work. It has several obvious vulns:

hackbot -A 210.64.157.47

###############################################################
# HackBot v2.21 2003 / http://ws.obit.nl/hackbot/ #
# (c) 2000-2003 Marco van Berkum #
# #
# Marco van Berkum - m.v.berkum@obit.nl #
# Kristian Vlaardingerbroek - kris@obit.nl #
# Pepijn Vissers - zoef@zoefdehaas.nl #
# Martijn Mooijman - foobar@obit.nl #
# Herman Poortermans - herman@ofzo.nl #
###############################################################


Checking 210.64.157.47 ...

Trying MTA - Relaying, VRFY and EXPN
------------------------------------
220 dcky.homelinux.net ESMTP Sendmail 8.12.8/8.12.8; Sun, 2 Jan 2005 10:22:49 +0800

8 - 12 - 8
* Possibly buggy sendmail


Checking for SSH
----------------
SSH-1.99-OpenSSH_3.4p1

Checking Whois info @APNIC
--------------------------
Range: 210.64.0.0 - 210.64.255.255
Netname: SEEDNET
Description: Digital United Inc.
Country: TW
Admin-C: CY74-AP
Email: ccyang@du.net.tw


Checking for webserver on port 80
-----------------------------------
HTTP/1.1 200 OK
Date: Sun, 02 Jan 2005 02:24:02 GMT
Server: Apache/2.0.40 (Red Hat Linux)
Accept-Ranges: bytes
X-Powered-By: PHP/4.2.2
Set-Cookie: lang=english; expires=Mon, 02-Jan-06 02:24:02 GMT
Connection: close
Content-Type: text/html; charset=Big5


Evil buggy Apache found!
Several vulnerabilities, check http://www.apache.org

PHP 4.2.2 found

HTTP options
------------
Allow options : GET,HEAD,POST,OPTIONS,TRACE

Checking the webserver on port 80 for various potential problems
------------------------------------------------------------------
* /db/ found!
* Server has db directory

* /mrtg/ found!
* Server has mrtg directory

* /tmp/ found!
* Server has tmp directory

* /admin/ found!
* Server has admin directory

* /cgi-bin/htsearch found!
* Possible vulnerabilities, htdig, try htsearch?exclude=%60/etc/passwd%60 & /cgi-bin/htsearch?-c/etc/passwd
* http://www.securiteam.com/exploits/5VP0E000EM.html

* /robots.txt found!

* /modules.php found!
* Try http://www.somehost.com/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=;id

--->
- All scans done. Hackbot 2.21 -
---> Exiting.
 
Here is the latest:

[root]$ ssh 210.64.157.47
Host key not found from database.
Key fingerprint:
*omited*
You can get a public key's fingerprint by running
% ssh-keygen -F publickey.pub
on the keyfile.
Are you sure you want to continue connecting (yes/no)? no
 