El Jueves, 12 de Octubre de 2006 14:11, mark escribió: > Steve Buehler wrote: > > Ok. It looks like I have been hacked and they have put in a directory > > in my webspace that is just a space. In there, is 2 directories and 1 > > file: > > -rwxr-xr-x 1 root root 0 Oct 12 00:01 php.php > > drwxr-xr-x 2 48 48 4096 Oct 11 23:54 signin.ebay.com > > drwxrwxrwx 2 root root 4096 Oct 11 23:54 www.paypal.com > > > > I can delete everything in the 2 directories, and edit/change the > > php.php file to empty it out because it was a php script that allowed > > someone to do anything on the server they wanted, but I can not for the > > life of me delete them. I thought maybe they replaced the /bin/rm file, > > but it does not appear to be a hacked "rm". > > chkrootkit. Get it. Use it, now! > > mark rkhunter would do the trick too. -- Manuel Arostegui Ramirez. Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues. -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
