Portal Home > Knowledgebase > Articles Database > my code is stolen
my code is stolen
| Posted by itnerd, 11-10-2009, 06:46 PM |
| my code is stolen and guy is selling as clone of my website,
what to do?
how to trace how he got my code?
are there any scp or ftp logs on server.
everthing gets logged on linux any logs by which this guy can be traced.
this guy is running hosting biz and all sites on his server are fishy and warez
|
| Posted by Mavus, 11-10-2009, 08:38 PM |
| You cannot afford an attorney to handle this if you did not first register your code intellectual property with some kind of digital signature.
The point of control was 'before' it was stolen. Maybe you can 'prove it' to his host provider on your own by making his life miserable with frequent complaints.
Being 'vulnerable' is a sword that swings in many directions.
But, however and a little caution in my advice:
If this thief knows more than you do, pissing him off could be ill-advised.
|
| Posted by Brian-de-vie, 11-10-2009, 09:23 PM |
| Wise words
|
| Posted by itnerd, 11-10-2009, 11:13 PM |
| I want to track this guy how he got my code
he is running hosting biz and it looks to me he is involved with my host.
for linux guruz. let me know how to track from logs
where are scp, and ftp logs on server with whm and cpanel.
are there any logs to find out and track this guy how he did that
|
| Posted by TheOnly92, 11-11-2009, 12:11 AM |
| If he has direct/indirect access from your host, seems quite useless to track how he did that. You should probably leave that host and find another.
|
| Posted by M Bacon, 11-11-2009, 12:48 AM |
| Do you have ioncube for your script?
|
| Posted by itnerd, 11-11-2009, 01:19 AM |
| I am serious and I want to track him at all cost
|
| Posted by itnerd, 11-11-2009, 01:22 AM |
| no we dont
|
| Posted by Kailash12, 11-11-2009, 01:39 AM |
| If they have downloaded the data via FTP, you can check the logs from /var/log/messages.
|
| Posted by itnerd, 11-11-2009, 02:08 AM |
| here is rkhunter result I cant find anything in it
rkhunter -c
[ Rootkit Hunter version 1.3.4 ]
Checking system commands...
Performing 'strings' command checks
Checking 'strings' command [ OK ]
Performing 'shared libraries' checks
Checking for preloading variables [ None found ]
Checking for preload file [ Not found ]
Checking LD_LIBRARY_PATH variable [ Not found ]
Performing file properties checks
Checking for prerequisites [ Warning ]
/bin/awk [ OK ]
/bin/basename [ OK ]
/bin/bash [ OK ]
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/cp [ OK ]
/bin/csh [ OK ]
/bin/cut [ OK ]
/bin/date [ OK ]
/bin/df [ OK ]
/bin/dmesg [ OK ]
/bin/echo [ OK ]
/bin/ed [ OK ]
/bin/egrep [ OK ]
/bin/env [ OK ]
/bin/fgrep [ OK ]
/bin/grep [ OK ]
/bin/kill [ OK ]
/bin/logger [ OK ]
/bin/login [ OK ]
/bin/ls [ OK ]
/bin/mail [ OK ]
/bin/mktemp [ OK ]
/bin/more [ OK ]
/bin/mount [ OK ]
/bin/mv [ OK ]
/bin/netstat [ OK ]
/bin/passwd [ OK ]
/bin/ps [ OK ]
/bin/pwd [ OK ]
/bin/rpm [ OK ]
/bin/sed [ OK ]
/bin/sh [ OK ]
/bin/sort [ OK ]
/bin/su [ OK ]
/bin/touch [ OK ]
/bin/uname [ OK ]
/bin/gawk [ OK ]
/bin/tcsh [ OK ]
/usr/bin/awk [ OK ]
/usr/bin/chattr [ OK ]
/usr/bin/curl [ OK ]
/usr/bin/cut [ OK ]
/usr/bin/diff [ OK ]
/usr/bin/dirname [ OK ]
/usr/bin/du [ OK ]
/usr/bin/elinks [ OK ]
/usr/bin/env [ OK ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/groups [ Warning ]
/usr/bin/head [ OK ]
/usr/bin/id [ OK ]
/usr/bin/kill [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/last [ OK ]
/usr/bin/lastlog [ OK ]
/usr/bin/ldd [ Warning ]
/usr/bin/less [ OK ]
/usr/bin/links [ OK ]
/usr/bin/locate [ OK ]
/usr/bin/logger [ OK ]
/usr/bin/lsattr [ OK ]
/usr/bin/lynx [ OK ]
/usr/bin/md5sum [ OK ]
/usr/bin/newgrp [ OK ]
/usr/bin/passwd [ OK ]
/usr/bin/perl [ OK ]
/usr/bin/pstree [ OK ]
/usr/bin/readlink [ OK ]
/usr/bin/rkhunter [ OK ]
/usr/bin/runcon [ OK ]
/usr/bin/sha1sum [ OK ]
/usr/bin/size [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/strace [ OK ]
/usr/bin/strings [ OK ]
/usr/bin/sudo [ OK ]
/usr/bin/tail [ OK ]
/usr/bin/test [ OK ]
/usr/bin/top [ OK ]
/usr/bin/tr [ OK ]
/usr/bin/uniq [ OK ]
/usr/bin/users [ OK ]
/usr/bin/vmstat [ OK ]
/usr/bin/w [ OK ]
/usr/bin/watch [ OK ]
/usr/bin/wc [ OK ]
/usr/bin/wget [ OK ]
/usr/bin/whatis [ Warning ]
/usr/bin/whereis [ OK ]
/usr/bin/which [ OK ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
/usr/bin/gawk [ OK ]
/sbin/chkconfig [ OK ]
/sbin/depmod [ OK ]
/sbin/fuser [ OK ]
/sbin/ifconfig [ OK ]
/sbin/ifdown [ Warning ]
/sbin/ifup [ Warning ]
/sbin/init [ OK ]
/sbin/insmod [ OK ]
/sbin/ip [ OK ]
/sbin/kudzu [ OK ]
/sbin/lsmod [ OK ]
/sbin/modinfo [ OK ]
/sbin/modprobe [ OK ]
/sbin/nologin [ OK ]
/sbin/rmmod [ OK ]
/sbin/runlevel [ OK ]
/sbin/sulogin [ OK ]
/sbin/sysctl [ OK ]
/sbin/syslogd [ OK ]
/usr/sbin/adduser [ OK ]
/usr/sbin/chroot [ OK ]
/usr/sbin/groupadd [ OK ]
/usr/sbin/groupdel [ OK ]
/usr/sbin/groupmod [ OK ]
/usr/sbin/grpck [ OK ]
/usr/sbin/kudzu [ OK ]
/usr/sbin/lsof [ OK ]
/usr/sbin/prelink [ OK ]
/usr/sbin/pwck [ OK ]
/usr/sbin/sestatus [ OK ]
/usr/sbin/tcpd [ OK ]
/usr/sbin/useradd [ OK ]
/usr/sbin/userdel [ OK ]
/usr/sbin/usermod [ OK ]
/usr/sbin/vipw [ OK ]
/usr/local/bin/perl [ OK ]
[Press to continue]
Checking for rootkits...
Performing check of known rootkit files and directories
55808 Trojan - Variant A [ Not found ]
ADM Worm [ Not found ]
AjaKit Rootkit [ Not found ]
aPa Kit [ Not found ]
Apache Worm [ Not found ]
Ambient (ark) Rootkit [ Not found ]
Balaur Rootkit [ Not found ]
BeastKit Rootkit [ Not found ]
beX2 Rootkit [ Not found ]
BOBKit Rootkit [ Not found ]
CiNIK Worm (Slapper.B variant) [ Not found ]
Danny-Boy's Abuse Kit [ Not found ]
Devil RootKit [ Not found ]
Dica-Kit Rootkit [ Not found ]
Dreams Rootkit [ Not found ]
Duarawkz Rootkit [ Not found ]
Enye LKM [ Not found ]
Flea Linux Rootkit [ Not found ]
FreeBSD Rootkit [ Not found ]
****`it Rootkit [ Not found ]
GasKit Rootkit [ Not found ]
Heroin LKM [ Not found ]
HjC Kit [ Not found ]
ignoKit Rootkit [ Not found ]
ImperalsS-FBRK Rootkit [ Not found ]
IntoXonia-NG Rootkit [ Not found ]
Irix Rootkit [ Not found ]
Kitko Rootkit [ Not found ]
Knark Rootkit [ Not found ]
Li0n Worm [ Not found ]
Lockit / LJK2 Rootkit [ Not found ]
Mood-NT Rootkit [ Not found ]
MRK Rootkit [ Not found ]
Ni0 Rootkit [ Not found ]
Ohhara Rootkit [ Not found ]
Optic Kit (Tux) Worm [ Not found ]
Oz Rootkit [ Not found ]
Phalanx Rootkit [ Not found ]
Phalanx Rootkit (strings) [ Not found ]
Phalanx2 Rootkit [ Not found ]
Phalanx2 Rootkit (extended tests) [ Not found ]
Portacelo Rootkit [ Not found ]
R3dstorm Toolkit [ Not found ]
RH-Sharpe's Rootkit [ Not found ]
RSHA's Rootkit [ Not found ]
Scalper Worm [ Not found ]
Sebek LKM [ Not found ]
Shutdown Rootkit [ Not found ]
SHV4 Rootkit [ Not found ]
SHV5 Rootkit [ Not found ]
Sin Rootkit [ Not found ]
Slapper Worm [ Not found ]
Sneakin Rootkit [ Not found ]
Suckit Rootkit [ Not found ]
SunOS Rootkit [ Not found ]
SunOS / NSDAP Rootkit [ Not found ]
Superkit Rootkit [ Not found ]
TBD (Telnet BackDoor) [ Not found ]
TeLeKiT Rootkit [ Not found ]
T0rn Rootkit [ Not found ]
Trojanit Kit [ Not found ]
Tuxtendo Rootkit [ Not found ]
URK Rootkit [ Not found ]
Vampire Rootkit [ Not found ]
VcKit Rootkit [ Not found ]
Volc Rootkit [ Not found ]
X-Org SunOS Rootkit [ Not found ]
zaRwT.KiT Rootkit [ Not found ]
Performing additional rootkit checks
Suckit Rookit additional checks [ OK ]
Checking for possible rootkit files and directories [ None found ]
Checking for possible rootkit strings [ None found ]
Performing malware checks
Checking running processes for suspicious files [ None found ]
Checking for login backdoors [ None found ]
Checking for suspicious directories [ None found ]
Checking for sniffer log files [ None found ]
Checking for Apache backdoor [ Not found ]
Performing Linux specific checks
Checking loaded kernel modules [ OK ]
Checking kernel module names [ OK ]
[Press to continue]
Checking the network...
Performing checks on the network interfaces
Checking for promiscuous interfaces [ None found ]
[Press to continue]
Checking the local host...
Performing system boot checks
Checking for local host name [ Found ]
Checking for system startup files [ Found ]
Checking system startup files for malware [ None found ]
Performing group and account checks
Checking for passwd file [ Found ]
Checking for root equivalent (UID 0) accounts [ None found ]
Checking for passwordless accounts [ None found ]
Checking for passwd file changes [ None found ]
Checking for group file changes [ None found ]
Checking root account shell history files [ OK ]
Performing system configuration file checks
Checking for SSH configuration file [ Found ]
Checking if SSH root access is allowed [ Warning ]
Checking if SSH protocol v1 is allowed [ Not allowed ]
Checking for running syslog daemon [ Found ]
Checking for syslog configuration file [ Found ]
Checking if syslog remote logging is allowed [ Not allowed ]
Performing filesystem checks
Checking /dev for suspicious file types [ None found ]
Checking for hidden files and directories [ Warning ]
[Press to continue]
Checking application versions...
Checking version of Exim MTA [ OK ]
Checking version of GnuPG [ OK ]
Checking version of Apache [ OK ]
Checking version of Bind DNS [ OK ]
Checking version of OpenSSL [ OK ]
Checking version of PHP [ OK ]
Checking version of Procmail MTA [ OK ]
Checking version of OpenSSH [ OK ]
System checks summary
=====================
File properties checks...
Required commands check failed
Files checked: 132
Suspect files: 5
Rootkit checks...
Rootkits checked : 118
Possible rootkits: 0
Applications checks...
Applications checked: 8
Suspect applications: 0
The system checks took: 55 seconds
|
| Posted by Brian-de-vie, 11-11-2009, 10:20 AM |
| Cost in terms of money, time & your business would be very severe,
can you actualy afford it ?
I understand your frustration/anger, but some times in life we simply have to put things down to experience, let go and move forward.
|
| Posted by itnerd, 11-11-2009, 11:11 AM |
| off course I mean it.
I am checking logs and I know linux is pretty helpful in logs.
that guy is selling code saying he got clone of my site on different forums.
I ll track him IA in all means.
I want help of this community, if some has good to share.
how to track easily.
which logs could be more helpful or make my task easy
|
| Posted by Mavus, 11-11-2009, 11:57 AM |
| I am a warrior at heart for sure and boy it can be too easy to slip into battle.
And I think it is noble of you to see this through, but I would better disguise your motives and break down in detail what you need to know to better get your objectives accomplished 'by your self'.
A great opportunity to unfold your own skills and knowledge, but it is your opportunity.
Read some books, I can recommend these...
'Security+ Deluxe study guide' by Emmett Dulaney
'Counter Hack Reloaded, A Step-by-Step Guide to Computer Attacks and Effective Defenses' by Ed Skoudis with Tom Liston
'linux administrator STREET SMARTS, a real world guide' by Roderick W. Smith
And 'Linux toolbox' series where they sport use of 1000+ linux commands generally by the author, Christopher Negus
You have been caught with your pants down around your ankles, naive and unprepared.
Get yourself up to snuff!!
Kind Regards,
|
| Posted by ianeeshps, 11-16-2009, 09:11 AM |
| var/log/xferlogs
/var/log/messages
but if u suspect the host stolen it then i dont believe to have a history for that.. They can clear it easily.....
|
Add to Favourites 
Print this Article
Also Read
