Saturday, September 29, 2007

What is MOCKS?


Great write up.

Thank you.

Yes, I want you to do as you state below. I will pay you. Please keep the backup files for me. John, my partner, may also write to you about this; please copy John on this also. I will cc him on this email.

Best regards,

Tom Forrest

-----Original Message-----
From: BestHoster
Sent: Saturday, September 29, 2007 3:43 PM
Subject: [#CUC-184411]: FW: httpd on failed

Dear Customer,

MOCKS is a SOCKS server. This means it forwards packets and commands from a remote machine out to your server to be executed as coming from your server.

So for example, in harmless uses it can act as a proxy to get around a firewall or screening process or in more evil uses it can serve as a command and control program for launching a Denial of Service attack from your server against a 3rd machine. The presence of a tool like this, installed by root is by itself shady, unless you remember installing it for a positive purpose.

The service was not installed by any specific site, but instead as the root or administrative user. The person who installed it, installed it as a script command that removed the server logs, in an attempt to cover their tracks. This command right here:

13 cd /var/log/; rm -rf secure; rm -rf lastlog; rm -rf messages; cd /usr/bin/; rm -rf last; rm -rf lastlog; cd /root/; rm -rf .bash_history

is highly suspicious.

Considering all of the facts, I am confident this server has been compromised. Reviewing it, I was not able to find any evidence that the person who compromised it is actively using this exploit to abuse the server at this time. The question in my mind is when will they use the compromise, not if. When they do, they could use serious amounts of bandwidth, could delete your sites, or could cause our datacenter to unplug the machine and not plug it back in.

I suggest we run a script to back up every site to your backup drive, then submit an OS Reload and get a fresh, uncompromised OS install so we can restore the sites and prevent the exploitation of this server.

OS Reloads cost $25.00. Please update this ticket with authorization to begin this process so that we can finish the backups before the exploit is activated.

If you have any further questions, don't hesitate to contact us.

Steve Jones
Level 2 Admin

Ticket Details
Ticket ID: CUC-184411
Department: Level 3 Support
Status: On Hold
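
The command quoted in the ticket changes directory before each delete, so a search of shell history for full paths such as /var/log/secure would not match it. The following is an added example, not part of the original ticket or the host's tooling: it tracks `cd` across a history line and resolves each deleted name to an absolute path before matching. The function names, the file list (taken from the ticket's command) and the assumption that the session starts in /root are illustrative.

```python
import posixpath
import re
import shlex

# Files named in the ticket; deleting them removes login and audit evidence.
SENSITIVE = {
    "/var/log/secure", "/var/log/lastlog", "/var/log/messages",
    "/usr/bin/last", "/usr/bin/lastlog", "/root/.bash_history",
}
DELETERS = {"rm", "shred", "unlink"}

def _resolve(cwd, arg, home):
    """Resolve one path argument against the tracked working directory."""
    if arg == "~" or arg.startswith("~/"):
        arg = home + arg[1:]
    return posixpath.normpath(posixpath.join(cwd, arg))

def find_log_wipes(history_line, home="/root"):
    """Return sensitive absolute paths deleted by one shell history line.

    Assumption: the session starts in `home`. Variables, globs and
    subshells are not expanded.
    """
    line = re.sub(r"^\s*\d+\s+", "", history_line)  # drop the history index
    cwd, hits = home, []
    for part in re.split(r";|&&|\|\|", line):
        try:
            argv = shlex.split(part)
        except ValueError:  # unbalanced quotes: skip this fragment
            continue
        if not argv:
            continue
        if argv[0] == "cd":
            cwd = _resolve(cwd, argv[1] if len(argv) > 1 else home, home)
        elif argv[0] in DELETERS:
            for arg in argv[1:]:
                if not arg.startswith("-"):
                    path = _resolve(cwd, arg, home)
                    if path in SENSITIVE:
                        hits.append(path)
    return hits

# The command from the ticket, plus two constructed lines for contrast.
TICKET_LINE = ("13 cd /var/log/; rm -rf secure; rm -rf lastlog; rm -rf messages; "
               "cd /usr/bin/; rm -rf last; rm -rf lastlog; cd /root/; rm -rf .bash_history")
BENIGN_LINE = "14 cd /tmp; rm -rf secure"          # constructed
DIRECT_LINE = "15 rm -f /var/log/messages && ls"   # constructed

if __name__ == "__main__":
    for sample in (TICKET_LINE, BENIGN_LINE, DIRECT_LINE):
        print(find_log_wipes(sample) or "no sensitive deletions")
```

Because this command deletes .bash_history itself, shell history is only useful as a source when a copy survives elsewhere, such as in a backup.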

Intel Quad Core Q6600 Overclocking

I bought an Intel Quad Core Q6600 computer with 4GB of RAM.

The QX6850 processor costs $1,000+ more. It runs at 3 GHz. My system is supposed to run at 2.4 GHz; I run mine at 3.1 GHz and it works great, no problems.

The key is that you need the Asus P5K-Premium MG565 motherboard. It is great, and it has the software built in to tweak all the nerd BIOS settings from Windows. I would not do it in the BIOS; it takes too much time and effort. Plus you can really screw up your system unless you know what you are doing in the BIOS setup. The Asus motherboard solves all these issues for you.

You also need to get the best CPU fan, then get the Cooler Master case and chassis fan. You set the fan in the slick Asus Windows software to performance mode, and since the Cooler Master case has an inch of high quality sound proofing material in it, you do not hear the CPU fan at all no matter how fast it spins. The Asus P5K-Premium motherboard monitors your CPU temperature and automatically increases and decreases the speed of your Zalman CPU fan as needed. Also, you need to buy the best and fastest RAM. If you are going to try this overclocking stuff, the most important factor is to monitor your CPU temperature. At idle it should be between 32C and 37C, and most important is the temperature at full CPU load of all four cores (100%); this should be less than 60C, however 57C would be even better.

So you save at least $1,000 and have performance similar to the QX6850 for the price of a Q6600.

Yes, there is some luck involved here because not all Q6600 chips will overclock as well as mine. I think I could go up to 3.3 GHz or faster, however the more you push it the greater the chance it will not work, e.g. crash, not boot / post, or fry the chip etc. So be safe and happy and do not go over 3.1 GHz on the Q6600 processor.

Good Luck.

P.S. We are not responsible if this causes you problems. This is a risky thing to do, and I am certain some people fry their CPUs. However, many people have done it very successfully.

I am one such case study. Your mileage may vary.

I love the Asus P5K-Premium motherboard and the cool Windows-based overclocking software and CPU fan speed auto-adjusting software.