hacked
Manuel Arostegui Ramirez
manuel at todo-linux.com
Thu Oct 12 12:47:37 UTC 2006
El Jueves, 12 de Octubre de 2006 14:11, mark escribió:
> Steve Buehler wrote:
> > Ok. It looks like I have been hacked and they have put in a directory
> > in my webspace that is just a space. In there, is 2 directories and 1
> > file:
> > -rwxr-xr-x 1 root root 0 Oct 12 00:01 php.php
> > drwxr-xr-x 2 48 48 4096 Oct 11 23:54 signin.ebay.com
> > drwxrwxrwx 2 root root 4096 Oct 11 23:54 www.paypal.com
> >
> > I can delete everything in the 2 directories, and edit/change the
> > php.php file to empty it out because it was a php script that allowed
> > someone to do anything on the server they wanted, but I can not for the
> > life of me delete them. I thought maybe they replaced the /bin/rm file,
> > but it does not appear to be a hacked "rm".
>
> chkrootkit. Get it. Use it, now!
>
> mark
rkhunter would do the trick too.
--
Manuel Arostegui Ramirez.
Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.
More information about the redhat-list
mailing list