Compromised RaQ 4
Hello there! I recently found out that my ISP has disabled one of my machines (lbpb.clueless.net).
Apparently, SpiritOne (My Network Provider) got a nasty email from eBay people, saying that there was a fraud attempt from clueless.net.
/home/sites/home/web/cgi_bin
/home/sites/home/web/cgi_bin/cgi_bin
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/cgi-bin
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/cgi-bin/images
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/cgi-bin/images/pixel.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/css
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/css/pp_styles_111402.css
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/css/pp_table_styles.css
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/css/xpt.css
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/css/xptInvoice.css
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/css/xptlive.css
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/css/xptObsolete.css
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/bnr
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/bnr/bnr_buyerCredit_50x50.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/bnr/bnr_eBusMrkGuide_50x50.jpg
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/bnr/bnr_fpo1_183x90.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/bnr/bnr_fpo3_183x50.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/bnr/bnr_join_190x75.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/bnr/bnr_mrb_earn1000_150x150.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/bnr/bnr_newCheckOut_50x50.jpg
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/bnr/bnr_PVNbnr_123x116.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/bnr/bnr_sellerProtection_50x50.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/bnr/bnr_wWide_182x75.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/bnr/paypal_mrb_banner.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/btn
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/btn/btn_fxnH_signUpNow_115x21.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/btn/button_demo.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/demo
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/demo/demo_mrb_200x230.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/header
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/header/hdr_mrb_earn_177x100.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/header/hdr_securityCenter_240x120.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/header/spot_buyerCredit_235x100.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/header/spot_buyerTab_117x113.jpg
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/header/spot_integratePP_183x66.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/header/spot_sellMerchTab_317x113.jpg
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/header/t1Hdr_auctionTools_589x133.jpg
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/header/t1Hdr_merchantTools_589x133.jpg
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/header/t1Hdr_nextevol_563x156.jpg
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/help
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/help/help_folder.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/icon
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/icon/icon_avoid_67x54.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/icon/icon_community_logo.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/icon/icon_integrate_30x30.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/icon/icon_invoice_30x30.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/icon/icon_protection_30x30.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/icon/icon_receivingManaging_30x30.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/icon/icon_register_30x30.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/icon/icon_shipping_30x30.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/icon/icon_shoppingCart_30x30.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/icon/icon_shops_logo.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/icon/icon_spoof_64x57.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/icon/pp_favicon_x.ico
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/logo
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/logo/bbbmark.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/logo/logo_pdn_100x50.gif
/home/sites/home/web/cgi_bin/cgi_bin/webscr=cmd=_home/en_US/i/logo/logo_Sun.gif
Can anyone tell me how this box was compromised? Do you need to see any more errors? (Note: There's a current release of PHP on the RaQ