[CentOS] I appear to be attacking others
James Pifer
jep at obrien-pifer.com
Sun Feb 5 08:27:21 UTC 2006
> Looks like someone may have guessed the password to this account. Use
> "netstat -plan" to find out what PID 15763 is connected to.
>
The foreign address is coming from a whole bunch of different places.
> > hotmail 6445 0.0 0.1 4428 856 pts/3 S Feb04 0:00 |
> > \_ /bin/sh ./s 63.200.0.0/16
> > hotmail 6446 0.1 0.0 308976 484 pts/3 Sl Feb04 1:25 |
> > | \_ ./f -h 63.200.0.0 16 -u users -p pass -t 3 -c 30 -o log -d -k -C
>
> Also find out what these 2 executables are about. If they're binary then
> run strings on them.
>
How do I tell where these executables are? And when I find them, how do
I runs strings on them?
> And most importantly, run "usermod -s /sbin/nologin hotmail".
I ran this.
Really appreciate your help.
James
More information about the CentOS
mailing list