I have a website for a local pub which has caused me no problems for years... but yesterday it was unobtainable. No IP address, not authorized to view, 500 errors, 404 errors, you name it, I was getting it. I logged a call with my host and they came back and told me I had a server script running that was hogging the server resources. I asked what script and was told it was a script
.dev12/eggdrop
First thought was a virus, so I logged onto the server and, apart from the Joomla folders, I have .unix, .dev12 and the good old "..." directory. I also have two gz files that I do not recognise - psy.tar.gz and busuk.tar.gz - along with text files that contain "Perl/Shellbot.B trojan".
I reported it to the host and they said...
The Linux operating system that the servers are hosted on is literally virus free.
The "virus" supposedly on the package shouldn't be a problem unless you specifically request to download it.
So why do I seem to have an IRC bot sitting on the root of public_html with infected files there as well? And what is it doing for site visitors?
Is it me being overly suspicious, or is the host company bonkers?
eggdrop is an IRC bot script. I have no clue why you have that file; it could well be because your account is compromised, and some hacker kiddie dropped that script there so it could run from your account.
It's the tail end of the Easter hols here so I guess the wee loons are bored with the wiis and are mucking around with IRC bots instead!
Ok - so if I can take up just a bit more of your time....
Any suggestions as to how I lock down my site so this doesn't happen again, and what do I do to remove the bots that I currently have? Or should I be passing this responsibility on to my hosting company, as it's their server? I'm still amazed that they don't seem to care that their servers have been compromised, esp. if it is bored kids downloading scripts off the net to put on any "open" servers they come across!
The most likely scenario is that they used a vulnerable 3rd-party component you are running to upload files. I would check to make sure you are running the latest versions of everything. Next, change your account password in case it was something obvious and someone just guessed it. The last thing is to lock down your permissions if possible. Make sure you don't have things set to 777, i.e. anyone can write to stuff. You might need to contact your hosting provider to get further help with this, as it's very specific to who you host with. Good luck!
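As an added example (not code from anyone in this thread), here is a small POSIX shell script that does the permissions check from the reply above and also lists the other symptoms the original poster described: dot-prefixed directories such as .dev12, .unix and "..." that a casual directory listing hides, and stray tarballs like psy.tar.gz sitting in the docroot. The demo docroot it builds under mktemp is constructed for illustration; DOCROOT, the function names and the file names are assumptions, not anything from Joomla or the host.

```shell
#!/bin/sh
# Added example: audit a web root for world-writable files, hidden dot-directories
# and stray archives, and strip the "other" write bit. Usage on a real site:
#   DOCROOT=/home/pub/public_html sh audit.sh
# Nothing is changed unless fix_world_writable is called explicitly.

# Every file or directory under $1 that any user on the host can write to
# (-perm -002 is the portable spelling of "other write bit set").
list_world_writable() {
    find "$1" -perm -002 2>/dev/null | sort
}

# Directories whose name starts with a dot; ".dev12", ".unix" and "..." all match.
list_hidden_dirs() {
    find "$1" -type d -name '.*' 2>/dev/null | sort
}

# Compressed archives have no business sitting in a docroot.
list_archives() {
    find "$1" -type f \( -name '*.tar.gz' -o -name '*.tgz' -o -name '*.zip' \) 2>/dev/null | sort
}

# Remove only the "other" write bit; owner and group bits are left alone so a
# web server that owns its upload directory keeps working.
fix_world_writable() {
    find "$1" -perm -002 -exec chmod o-w {} +
}

count_lines() { wc -l | tr -d ' '; }

# Print the findings and, as the last line, the total number of findings.
audit_docroot() {
    ww=$(list_world_writable "$1" | count_lines)
    hd=$(list_hidden_dirs "$1" | count_lines)
    ar=$(list_archives "$1" | count_lines)
    echo "world-writable ($ww):"; list_world_writable "$1"
    echo "hidden dirs ($hd):";    list_hidden_dirs "$1"
    echo "archives ($ar):";       list_archives "$1"
    echo $((ww + hd + ar))
}

# Constructed demo docroot (assumed names) so the audit can be run offline.
make_demo_docroot() {
    umask 022
    d=$(mktemp -d)
    mkdir -p "$d/images" "$d/.dev12" "$d/..."
    : > "$d/index.php"
    : > "$d/.dev12/eggdrop"
    : > "$d/psy.tar.gz"
    chmod 777 "$d/images"         # the classic "make uploads work" mistake
    chmod 666 "$d/.dev12/eggdrop" # dropped bot, writable by everyone
    echo "$d"
}

if [ -n "${DOCROOT:-}" ]; then
    audit_docroot "$DOCROOT"
fi
```

Run it with DOCROOT pointing at the real public_html first and read the lists; only call fix_world_writable once you know which directory the site legitimately needs the web server to write to, and fix that one with ownership rather than 777.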