[CentOS] I appear to be attacking others
James Pifer
jep at obrien-pifer.com
Sun Feb 5 09:13:57 UTC 2006
On Sun, 2006-02-05 at 10:01 +0100, Ralph Angenendt wrote:
> James Pifer wrote:
> >
> > > Find one of the processes that's still alive and do "ls -l /proc/<pid>".
> > > That will give you some info about it. The exe entry should be a link to
> > > the executable itself.
> > >
> >
> > ok, I found it. Now what? You said run strings? I get:
> > Multi-thread FTP scanner v0.2.5 by Inode <inode at wayreth.eu.org>
>
> That looks like the ftp scanner which can be found at
> <http://wayreth.eu.org/> - somebody is probably using your box to find
> insecure ftp servers for sharing files.
>
> Can you do an "ls -lah /dev/shm/..\ /"?
Yep, I get:
ls -lah /dev/shm/..\ /
total 24K
drwxr-xr-x 3 hotmail hotmail 80 Feb 2 19:28 .
drwxrwxrwt 3 root root 60 Feb 2 19:27 ..
drwxr-xr-x 2 hotmail hotmail 180 Feb 6 2005 nt
-rw-r--r-- 1 hotmail hotmail 24K Feb 2 19:27 nt.tar.gz
James
More information about the CentOS
mailing list