QUOTE(Lehrer @ Jul 17 2005, 04:46 PM)
brikface, sure, but the only problem is that you forgot to mention your domain name here
Please provide it asap for me to delete those files. By the way, the problem was with anonymous FTP configuration.
Ok it's good the files are deleted but when you say "the problem was with anonymous FTP configuration", that doesn't quite tell the whole story. Yes, a mistake in anonymous FTP config made this possible, but there must have been an individual or a group working together who exploited the mistake in such a consistent way across so many servers. In all cases a strange "/mail" subdirectory on the same level as "/home/account/pub" was used. Apparently in all cases the "/mail" subdir was used as storage for illegal software (on my server there was a full version of Sonic Foundry). But the nature of these subdirectories was very strange. As noted above by me and another user, they were not visible in the normal file system available to us through jailshell. This strongly suggests 1) An inside job, or 2) Hackers gained access to your servers on a root level. The fact that he/she or they sniffed out and hijacked specific user accounts also shows he/she or they were operating at a global root or close-to-global-root level outside the jailshell.
Please tell us what you can about this. I can understand if you want to stay silent on certain issues, but you could at least give us an indication that you're aware this wasn't just a case of random people on the net thinking they were using Anon FTP-- that you're aware it was a pretty sophisticated action possibly by one of your current or former co-workers.
--
BF