Folder problem (possible hacking)
Thomas Cameron
thomas.cameron at camerontech.com
Thu Nov 11 03:54:23 UTC 2004
On Wed, 2004-11-10 at 12:03 +0100, Franco wrote:
> Hi, on my server i have any folder /var/tmp/ /.tmp/ there are a folder
> without characters and i can't cd into it.
> Can anyone help me?
>
I'm betting you've been broken into. You need to run couple of
commands:
"rpm -Va" will tell you if any of the binaries on your system (like ls,
ps, an others) have been tampered with.
"find /var/tmp" will reveal the contents of that funky directory. If
it's mp3's or movie files something like that, you've been broken into.
You can also try to use double-quotes to get into that directory, type
exactly this:
cd "/var/tmp/
and then hit the tab key - it might complete the command you are typing
to take you into that directory.
You might also have other stuff on your system you don't want. You can
run the command:
find / -type f | xargs rpm -qif | grep -i "is not owned" 2> /dev/null
This will reveal any files that live on your drive that aren't there
from a package.
Good luck.
--
A: Because people read from top to bottom.
Q: Why is top-posting bad?
Thomas Cameron, RHCE, CNE, MCSE, MCT
More information about the fedora-list
mailing list