[K12OSN] bin files change on reboot

Nils Breunese nils at breun.nl
Sun Feb 17 22:39:50 UTC 2008 

Ryan Collins wrote:

> You need to reformat and re-install, it's the only way to be sure.
>
> If has been hacked, it's probably doing all sorts of nasty suff on  
> the Internet.

+1

I think it's already somewhat irresponsible to put a machine online  
that runs an EOL'd OS, but if you *know* it's been hacked then you  
really need to reinstall this one. I can recommend K12LTSP 5EL.

Nils Breunese.

> On 2/17/08, Barry Cisna <brcisna at eazylivin.net> wrote:
>> Hello List,
>>
>> This is kind of a weird scenario. On an FC5 K12ltsp server I set up  
>> at
>> some peoples house over a year ago. I know this server has been  
>> hacked
>> into some time back as I can see by the rkhunter logs for some  
>> time. I
>> view it from time to time remotely via Webmin. What happens on this  
>> server
>> is each time it gets rebooted ( which is not very often) other than  
>> over
>> this weekend due to ice storm/power outage here), there are a few bin
>> files that end up being the wrong date/and the wrong file sizes. Most
>> everything still works OK other than lots of behind the scenes  
>> things,
>> such as if I simply do a 'uname -a ' I get segmentation fault and  
>> if i try
>> to use the zip program i get errors. I took and copyed from a good  
>> FC5
>> server the bin files and placed onto this particular server,so when  
>> this
>> happens I explained to them how to copy paste the good bin/files  
>> into the
>> /bin folder each time they end up having to reboot this server.  
>> Once the
>> correct bin files are copyed into the bin folder then there are no  
>> more
>> segmentation faults and the zip program functions correctly,etc.I  
>> still
>> have not figured out "were" these files come from each time this  
>> server is
>> rebooted? This server runs rock solid and they really don't need to  
>> update
>> to anything newer as they just use it to web browse and email thing.
>> BTW; i did delete a couple diretories that had been added with some  
>> sort
>> of system scanner files to ftp out to a remote server some time back
>> ,thinking this may have been the resolve for this. No Joy:(.
>> Anyone have any ideas were to look?
>>
>> Thanks,
>>
>> Barry Cisna

More information about the K12OSN mailing list