On Wed, 06 Jun 2012 12:20:51 -0300, francis picabia wrote:

> I think I've found a compromised user account.

Wow :-( How did they get in (unpatched application, password theft...)?

> This is on Debian but alien is installed. The attackers have not made a
> move yet, but have done some tests and kept their connections to
> scp/sftp to be unnoticed by last.

Kill them and correct the vulnerability >:-)

> There is a directory .rpmdb uploaded to their home directory. How could
> this be used to set up their software? I mean, is there a special angle
> they are aiming at which achieves a result they would not have realized
> by only using make on their sources?

That directory can be normal if you have alien installed. But if they have
access to a shell they can run the usual commands that are available for a
standard user.

Greetings,

--
Camaleón