paypal scam - tracing link
Bob McClure Jr
bob at bobcatos.com
Thu Oct 26 19:36:12 UTC 2006
On Thu, Oct 26, 2006 at 12:20:35PM -0700, Bret Stern wrote:
> Afternoon,
>
> Can anyone suggest how to find and delete these files which show up
> during a locate command.
>
> I've looked in the folders below (where the locate command found
> them), but cannot find the files.
>
> Any help would be appreciated.
>
> Bret Stern
>
> /usr/local/apache/htdocs/www.paypal.com
> /usr/local/apache/htdocs/www.paypal.com/cgi-bin
> /usr/local/apache/htdocs/www.paypal.com/cgi-bin/webscrcmd=_login-run
> /usr/local/apache/htdocs/www.paypal.com/cgi-bin/webscrcmd=_login-run/updates
> -paypal
> /usr/local/apache/htdocs/www.paypal.com/cgi-bin/webscrcmd=_login-run/updates
> -paypal/addr.gif
>
> <long list trimmed>
>
> /usr/local/apache/htdocs/www.paypal.com/cgi-bin/webscrcmd=_login-run/updates
> -paypal/update.php
> /usr/local/apache/htdocs/www.paypal.com/cgi-bin/webscrcmd=_login-run/updates
> -paypal/_login-submit.htm
> /usr/local/apache/htdocs/www.paypal.com/cgi-bin/webscrcmd=_login-run/updates
> -paypal/login.html
> /usr/local/apache/htdocs/www.paypal.com/cgi-bin/webscrcmd=_login-run/updates
> -paypal/cc.db
The database that "locate" works from is built a little after 4am
every day. So it looks like the files were there then, but not now.
As root, run "updatedb" to rebuild the database, and see if the
problem still exists.
The next question, of course, is, has your machine been cracked by a
phisher?
Cheers,
--
Bob McClure, Jr. Bobcat Open Systems, Inc.
bob at bobcatos.com http://www.bobcatos.com
"Where you go in the hereafter depends on what you were after here."
- Thanks to Graffiti, 2 March 2004
More information about the Redhat-install-list
mailing list