hacked
Steve Buehler
steve at ibushost.com
Thu Oct 12 05:55:51 UTC 2006
At 12:39 AM 10/12/2006, you wrote:
> >I can delete everything in the 2 directories, and edit/change the
> >php.php file to empty it out because it was a php script that allowed
> >someone to do anything on the server they wanted, but I can not for
> >the life of me delete them. I thought maybe they replaced the
> >/bin/rm file, but it does not appear to be a hacked "rm".
>
>Run lsattr on the files. You might have to use chattr to allow you to
>delete them.
>
>No clue on the other stuff.
Yep, that was it. The hacker had the u and i bits set. It wasn't on
the files or the sub-directories. It was on the main directory that
was just a space. Kind of weird that I could delete all of the other
files that where under that directory.
Thanks
Steve
More information about the redhat-list
mailing list