[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: hacked



At 12:39 AM 10/12/2006, you wrote:
>I can delete everything in the 2 directories, and edit/change the
>php.php file to empty it out because it was a php script that allowed
>someone to do anything on the server they wanted, but I can not for
>the life of me delete them.  I thought maybe they replaced the
>/bin/rm file, but it does not appear to be a hacked "rm".

Run lsattr on the files.  You might have to use chattr to allow you to
delete them.

No clue on the other stuff.

Yep, that was it. The hacker had the u and i bits set. It wasn't on the files or the sub-directories. It was on the main directory that was just a space. Kind of weird that I could delete all of the other files that where under that directory.

Thanks
Steve



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]