Server Infections

From SentryOutpost

Somebodies been installing files and programs of an unknown purpose on our computers.

[edit] Sentry Outpost

Mkaos has received a hosting bill for 9TB of bandwidth in one month, this is certainly an error so we have been investigating. So far we have found rogue processes and three particularly interesting ports, 1031, 1313, 5217.

• Port 1031 - A port that gives access to some sort of corrupted data

• Port 1031 Text - Text from the gibberish found on port 1031

• Port 1031 Plaintext - unidentified text found from port 1031, probably from the old Forum or Private Messages.

• Port 1313 - A port that monitors access to the other ports

• Port 4196 - The PerlMUD port

• Port 4243 - The PerlMUD in action!

• Port 5217 - The key port that allows access to port 1031

• Backup Folder - A locked folder found by StuR

• BOIL Process - What we know of this entity

• Coredump - A record of supplicants

• MUD help - Lost and confused? Me too :( Start here! All of these commands are also available on the MUD, but I wanted something I could print and/or refer to elsewhere.

[edit] http://68.209.174.80/

AKA the website of GetMEout

• Second BOIL Process
• GetMEout's PC