[CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....
John R Pierce
pierce at hogranch.comSun Jun 14 06:08:10 UTC 2009
- Previous message: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....
- Next message: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Linux Advocate wrote: > DID THIS GUY ACTUALLY SAVE A FILE ON MY HARD DISK??? > AAAAAAHHHHHHHHHHHHHHHHHHHH??????????????? > > Was this why rkhunter popped out with this warning? > > * Filesystem checks > Checking /dev for suspicious files... [ OK ] > Scanning for hidden files... [ Warning! ] > --------------- > /etc/.pwd.lock /usr/share/man/man1/..1.gz /dev/.udev > --------------- > Please inspect: /usr/share/man/man1/..1.gz (gzip compressed data, from Unix, max compression) /dev/.udev (directory) > > Should i delete these files? are the man files nromally .gz or .bz2 ? > > There is also a similar entry, where another file called unix2.tgz was downloaded.... > > But i cant find these files on the HDisk? > guys i am out of my league here. All assistance is deeply appreciated. > I *hope* this machine is disconnected from the internet and running a liveCD to investigate this yes, it appears you've been hacked, and have stealth files (any file with . in front oft he name is hidden and would only show with ls -a and if you *are* rootkitted, there's a strong possibility your ls and other command tools have been replaced.. and, it appears it came in via an exploit in that horde framework (I know nothing about horde)
- Previous message: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....
- Next message: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list