I appear to be attacking others

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Sun, 2006-02-05 at 10:01 +0100, Ralph Angenendt wrote:
> James Pifer wrote:
> > 
> > > Find one of the processes that's still alive and do "ls -l /proc/<pid>".
> > > That will give you some info about it. The exe entry should be a link to
> > > the executable itself.
> > > 
> > 
> > ok, I found it. Now what? You said run strings? I get:
> >  Multi-thread FTP scanner v0.2.5 by Inode <inode@xxxxxxxxxxxxxx>
> 
> That looks like the ftp scanner which can be found at
> <http://wayreth.eu.org/> - somebody is probably using your box to find
> insecure ftp servers for sharing files.
> 
> Can you do an "ls -lah /dev/shm/..\ /"?

Yep, I get:

ls -lah /dev/shm/..\ /
total 24K
drwxr-xr-x  3 hotmail hotmail  80 Feb  2 19:28 .
drwxrwxrwt  3 root    root     60 Feb  2 19:27 ..
drwxr-xr-x  2 hotmail hotmail 180 Feb  6  2005 nt
-rw-r--r--  1 hotmail hotmail 24K Feb  2 19:27 nt.tar.gz

James
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux