hacked
mark
mroth at cfl.rr.com
Thu Oct 12 12:11:35 UTC 2006
Steve Buehler wrote:
> Ok. It looks like I have been hacked and they have put in a directory
> in my webspace that is just a space. In there, is 2 directories and 1
> file:
> -rwxr-xr-x 1 root root 0 Oct 12 00:01 php.php
> drwxr-xr-x 2 48 48 4096 Oct 11 23:54 signin.ebay.com
> drwxrwxrwx 2 root root 4096 Oct 11 23:54 www.paypal.com
>
> I can delete everything in the 2 directories, and edit/change the
> php.php file to empty it out because it was a php script that allowed
> someone to do anything on the server they wanted, but I can not for the
> life of me delete them. I thought maybe they replaced the /bin/rm file,
> but it does not appear to be a hacked "rm".
chkrootkit. Get it. Use it, now!
mark
More information about the redhat-list
mailing list