James Pifer wrote: >On Sun, 2006-02-05 at 10:23 +0100, Ralph Angenendt wrote: > > >>James Pifer wrote: >> >> >>>On Sun, 2006-02-05 at 10:01 +0100, Ralph Angenendt wrote: >>> >>> >>>>Can you do an "ls -lah /dev/shm/..\ /"? >>>> >>>> >>>Yep, I get: >>> >>> >>>drwxr-xr-x 2 hotmail hotmail 180 Feb 6 2005 nt >>> >>> >>And now please the contents of this directory ... >> >> > > >Contents are: > ># pwd >/dev/shm/.. /nt ># ls -l >total 76 >-rwxr-xr-x 1 hotmail hotmail 22400 Feb 6 2005 f >-rw-r--r-- 1 hotmail hotmail 17266 Nov 1 2004 f.c >-rw-r--r-- 1 hotmail hotmail 2574 Feb 5 02:22 log >-rw-r--r-- 1 hotmail hotmail 16122 Jun 9 2005 pass >-rw-r--r-- 1 hotmail hotmail 109 Feb 6 2005 README >-rwxr-xr-x 1 hotmail hotmail 64 Feb 6 2005 s >-rw-r--r-- 1 hotmail hotmail 59 Jun 9 2005 users > >James > > You might want to do a ls -al on that directory, as I've seen hackers use hidden files or directories which don't show using just -l. Also, you might want to take a look in the usual suspects, like /tmp.. /var/tmp.. again, ls -al to see if you can find anything perhaps left for later use. Gee.. ain't it fun? John Hinton