unknows scripts are running the server
Swapana Ghosh
swapana_ghosh
Mon May 17 11:55:54 PDT 2004
Hi to all
Few days back two of our clients' servers were hacked by the *Br*
group of hackers...
Now we are seeing that occassioanly some scripts are running and
creating files uder /tmp file with the user/group as *httpd:root*...
Today also we found one script is running as follows::
---------------------------------------------------------------------
sh -c find / \\ | grep httpd.conf 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm
/tmp/cmdtemp
---------------------------------------------------------------------
So we did not find anybody that time from any of us who is running
this script. So it is assumed that they kept this shell scipt somewhere in our
server and it is being executed or they are using Apache/php to execute the
scipt...
Please help us out.. Where we will check and how we will stop this
type of script running!!!!
Thanks in advance
__________________________________
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
http://companion.yahoo.com/
More information about the Linux-users
mailing list