On Mon, Jan 9, 2012 at 5:20 PM, Luisa Ester Navarro <luisa2010@xxxxxxxxxxx> wrote: > > > ________________________________ > > I didn´t have any cronjobs but when I detected the attack I saw one in > /var/spool/cron > My logifle says > User apache: > > /var/tmp/.autorun/update >/dev/null 2>&1: 2162 Time(s) > > personal crontab deleted: 56 Time(s) > > personal crontab listed: 1 Time(s) > > personal crontab replaced: 1 Time(s) > > Thanks > Google tells me that this is output from a cpanel perl script - probably a crontab editor. crontabs are not evidence of an attack. You need to show more details of what you think is happening, and why you think it is malicious. Cheers Tom --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|