[CentOS] attack

Thomas Dukes tdukes at sc.rr.com
Thu Dec 24 12:07:38 UTC 2009


> -----Original Message-----
> From: centos-bounces at centos.org 
> [mailto:centos-bounces at centos.org] On Behalf Of Manu Verhaegen
> Sent: Thursday, December 24, 2009 7:04 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] attack
> at the moment everiting is solved i have block the IP adress 
> but i d'ont have found the script

So you are the attacker.  Happened to me a couple weeks ago.

Check your tmp directory and subdirectory for std, udp.pl.  Also check
/etc/passwd and /etc/shadow for unusual users.  Should be at the very bottom
of those files.

More information about the CentOS mailing list