[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: hacked



El Jueves, 12 de Octubre de 2006 14:11, mark escribió:
> Steve Buehler wrote:
> > Ok.  It looks like I have been hacked and they have put in a directory
> > in my webspace that is just a space.  In there, is 2 directories and 1
> > file:
> > -rwxr-xr-x  1 root root    0 Oct 12 00:01 php.php
> > drwxr-xr-x  2   48   48 4096 Oct 11 23:54 signin.ebay.com
> > drwxrwxrwx  2 root root 4096 Oct 11 23:54 www.paypal.com
> >
> > I can delete everything in the 2 directories, and edit/change the
> > php.php file to empty it out because it was a php script that allowed
> > someone to do anything on the server they wanted, but I can not for the
> > life of me delete them.  I thought maybe they replaced the /bin/rm file,
> > but it does not appear to be a hacked "rm".
>
> chkrootkit. Get it. Use it, now!
>
> 	mark

rkhunter would do the trick too.

-- 
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]