tdukes at sc.rr.com
Thu Dec 24 12:07:38 UTC 2009
> -----Original Message-----
> From: centos-bounces at centos.org
> [mailto:centos-bounces at centos.org] On Behalf Of Manu Verhaegen
> Sent: Thursday, December 24, 2009 7:04 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] attack
> at the moment everiting is solved i have block the IP adress
> but i d'ont have found the script
So you are the attacker. Happened to me a couple weeks ago.
Check your tmp directory and subdirectory for std, udp.pl. Also check
/etc/passwd and /etc/shadow for unusual users. Should be at the very bottom
of those files.
More information about the CentOS