Re: spam and bad process trace

On Tue, 2006-08-01 at 15:25 +0530, Kaushal Shriyan wrote:
> Hi ALL
>  
> I am looking for a solution to find a spamming or bad process script which is
> running using the tmp location.
> /proc/PID gives more info.
> If I run
> ll /proc/* |grep cwd
> it will show the current working directory.
> If we try to search ll /proc/*, how can we find who is currently sending
> spam?
> My simple question is: I would like to search for scripts in tmp, and I
> would like to trace the bad process or spam process from proc/.
>  

If you suspect the system was compromised and has a spam package
installed, it is likely that other parts of the system have been
compromised as well, including the ps command and other utilities.  In
that case ps and other commands may not report the process you are
looking for.  It sounds like you are convinced the box is spewing spam;
your best bet is to shut it down and reload it from a known good backup.
Even if you did track down the specific script, which would most likely
require you to examine all items under /tmp manually, the spammer may
have a back door installed that they will use to install the spam
package again, or, since you obviously tried to remove the first one, they
might just trash the system.

Best bet is to re-install and secure the system.  


-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
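
The /proc check asked about in the thread, as an added example that is not part of the original messages: it reads the cwd and exe links under /proc directly instead of parsing ps output, and flags processes running from temp directories or from a deleted binary. The function names and the optional proc-root argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: triage processes whose cwd or exe points into a temp directory.
# The optional argument to scan_proc (hypothetical) is the proc root; it
# defaults to /proc and exists so the scan can be run against a constructed tree.

# is_suspect_path PATH -> returns 0 if PATH is a world-writable temp location
# or a link target the kernel has marked as unlinked.
is_suspect_path() {
    case "$1" in
        /tmp|/tmp/*|/var/tmp|/var/tmp/*|/dev/shm|/dev/shm/*) return 0 ;;
        *" (deleted)") return 0 ;;   # file was removed after the process started
    esac
    return 1
}

# scan_proc [PROC_ROOT]
# Prints one tab-separated line per hit: PID, real UID, field, target, cmdline.
scan_proc() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -d "$dir" ] || continue
        pid=${dir##*/}
        for field in cwd exe; do
            # readlink fails for processes we may not inspect; skip those.
            target=$(readlink "$dir/$field" 2>/dev/null) || continue
            is_suspect_path "$target" || continue
            uid=$(awk '/^Uid:/ {print $2}' "$dir/status" 2>/dev/null) || uid='?'
            # cmdline is NUL-separated; turn the separators into spaces.
            cmd=$(cat "$dir/cmdline" 2>/dev/null | tr '\0' ' ')
            printf '%s\t%s\t%s\t%s\t%s\n' \
                "$pid" "${uid:-?}" "$field" "$target" "$cmd"
        done
    done
}
```

Run `scan_proc` as root so every process's links are readable. As the reply notes, tools on a compromised host may not report everything, so an empty result does not show the system is clean.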