Hi,
i have Check my tmp directory and subdirectorys for std, udp.pl no file exist. Also i have check /etc/passwd and /etc/shadow for unusual users.
regards
-----Oorspronkelijk bericht----- Van: centos-bounces@centos.org [mailto:centos-bounces@centos.org] Namens Thomas Dukes Verzonden: donderdag 24 december 2009 13:08 Aan: 'CentOS mailing list' Onderwerp: Re: [CentOS] attack
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Manu Verhaegen Sent: Thursday, December 24, 2009 7:04 AM To: CentOS mailing list Subject: Re: [CentOS] attack
at the moment everiting is solved i have block the IP adress but i d'ont have found the script
So you are the attacker. Happened to me a couple weeks ago.
Check your tmp directory and subdirectory for std, udp.pl. Also check /etc/passwd and /etc/shadow for unusual users. Should be at the very bottom of those files.
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Hi,
i have Check my tmp directory and subdirectorys for std, udp.pl no file exist. Also i have check /etc/passwd and /etc/shadow for unusual users.
regards
Manu,
forgive me if i missed it when i deleted several of the posts in the thread yet how hard is it to check all the pertinent logfiles?
unless this is a very sophisticated compromise that hides, moves, or deletes things, or the management system is trash, the info you need is "typically" in one or more of the various logfiles on the system
something as simple
man less
less /var/log/httpd/access_log
less /var/log/httpd/error_log
replace appropriate logfile names as necessary...
in general, there are many you can look at to gain some wisdom...
- rh
-
Manu Verhaegen -
R-Elists