At 12:39 AM 10/12/2006, you wrote:
>I can delete everything in the 2 directories, and edit/change the >php.php file to empty it out because it was a php script that allowed >someone to do anything on the server they wanted, but I can not for >the life of me delete them. I thought maybe they replaced the >/bin/rm file, but it does not appear to be a hacked "rm". Run lsattr on the files. You might have to use chattr to allow you to delete them. No clue on the other stuff.
Yep, that was it. The hacker had the u and i bits set. It wasn't on the files or the sub-directories. It was on the main directory that was just a space. Kind of weird that I could delete all of the other files that where under that directory.
Thanks Steve -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
