IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 2 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New And now a cron exploit?
On the day it was hacked, once per hour for 12 hours I got an email from my crontab with a huge list of spam links. I don't see anything amiss in the crontab now. Any ideas what this was attempting to do? Or actually did?
--

Drew
New Review at jobs as well
New Other account's crontab?
The collection lives at /var/spool/cron/crontab (or .../crontabs)

One of the system logs should contain a trace of the jobs that were executed, as well as the user account that executed the job. The exact file is up to the configuration of the OS. (Most likely, either a dedicated cron log, or syslog. The service can show up as cron or CRON, so "grep -i" is needed to find them all.)
New also note /etc/cron.daily cron.weekly cron.motnly and cron.hourly
"Science is the belief in the ignorance of the experts" – Richard Feynman
     How do I research a hack tool? - (drook) - (9)
         Dunno. Contact your computing appliance vendor? - (Another Scott) - (1)
             Yeah, Dreamhost noticed it about 5 hours before I did - (drook)
         bunch of them out there, also try sans.org thought I saw an article on last mailing -NT - (boxley)
         Start with the web server logs - (scoenye) - (1)
             thanks for the tip downloaded kali linux -NT - (boxley)
         And now a cron exploit? - (drook) - (3)
             Review at jobs as well -NT - (crazy)
             Other account's crontab? - (scoenye) - (1)
                 also note /etc/cron.daily cron.weekly cron.motnly and cron.hourly -NT - (boxley)

Gleefully participating in the heat death of the Universe!
49 ms