I am finding files on my filesystem mostly where apache has access and I have no clue why they are showing up on my server nor can I find any information in my logs
Here is the Directory Listing
total 108
drwxrwxrwx 6 root root 4096 Nov 10 20:49 ./
drwxr-xr-x 7 root root 4096 Nov 10 20:36 ../
-rw-r--r-- 1 root root 0 Nov 10 20:49 file
-rw-r--r-- 1 root root 79225 Nov 10 08:35 jennifer lopez - xxx movie video college porno flick gizmo6775(1).eml
drwxrwxrwx 2 root root 4096 Nov 10 10:56 logs/
drwxr-x--- 2 nobody nobody 4096 Nov 8 19:38 script/
drwxr-xr-x 28 root root 4096 Nov 10 10:57 users/
drwxr-xr-x 4 root root 4096 Nov 10 10:56 www/
I have no clue who these .eml files are getting there is this a known vulnerability on Mandrake 8.1 Factory no extra packages installed just my web stucture but I am finding them all over
Here is anouther one they seem to recurse my web dir this is in www
drwxr-xr-x 4 root root 4096 Nov 10 20:52 ./
drwxrwxrwx 6 root root 4096 Nov 10 20:49 ../
-rw-r--r-- 1 root root 79225 Nov 10 08:35 ayumi hamasaki.nws
-rwxrwxrwx 1 apache apache 1317 Nov 8 14:06 dictionary.xql*
-rwxrwxrwx 1 apache apache 3288 Nov 8 14:06 enter.xql*
-rw-r--r-- 1 root root 0 Nov 10 20:52 file
-rwxrwxrwx 1 apache apache 1013 Nov 8 14:06 index.xql*
-rwxrwxrwx 1 apache apache 2757 Nov 8 14:06 jump.xql*
drwxrwxrwx 2 apache apache 4096 Nov 8 19:37 look/
-rwxrwxrwx 1 apache apache 1593 Nov 8 14:06 password.xql*
drwxrwxrwx 14 apache apache 4096 Nov 8 19:38 priv/
-rwxrwxrwx 1 apache apache 834 Nov 8 14:06 robots.xql*
-rwxrwxrwx 1 apache apache 1230 Nov 8 14:06 sub_pub.xql*
-rwxr-xr-x 1 root root 33196 Nov 9 14:00 www-sql*
Any clues?
Matt
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
