On Tue, 23 Jan 2001, Albert E. Whale wrote:

> Today I found that several unwanted guests have been able to connect via
> ftp (not any more!). I also found some mysterious files 'running' on
> the server. I was able to detect the processes using the monitor
> utility (or top). However, I was UNABLE to find the processes in the ps
> -ax output?????? I've never seen this before. Is this a new exploit?

Chances are they replaced your ps with a patched version that doesn't show
their stuff.
Reinstall the procps package. Better yet, reinstall the system. You never
know what else they've done to you.

> I am curious exactly how do you create a dot directory (i.e. .puta) so
> that it is invisible to the ls -la command?

Same as with ps. They've probably patched your ls. Reinstall fileutils.

> It appears that the strings within the applications found on my Web
> server are looking for Red Hat, FreeBSD, SuSE and other systems with the
> wuftpd packed version 2.6.0. PLEASE REMOVE THIS PACKAGE FROM YOUR
> ENVIRONMENT!

We (and probably everyone else) released an errata package fixing the
problem months ago - the best way to protect yourself from attacks like
this is applying all updates your distribution releases.

LLaP
bero
_______________________________________________
Redhat-devel-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-devel-list
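
The symptom discussed in this thread (a process that top shows but `ps -ax` does not) can be checked directly by comparing the PID directories under /proc with a saved ps listing. The script below is an added example, not part of the original thread; the function names and the snapshot path in the comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report PIDs that exist under /proc but are missing from
# saved `ps -ax` output, which is what a patched ps binary would cause.

# proc_pids PROC_ROOT: print every all-numeric directory name under PROC_ROOT.
proc_pids() {
    for d in "$1"/[0-9]*; do
        [ -d "$d" ] || continue
        pid=${d##*/}
        case $pid in
            *[!0-9]*) ;;                  # e.g. "1abc": not a PID directory
            *) printf '%s\n' "$pid" ;;
        esac
    done
}

# hidden_pids PROC_ROOT PS_FILE: print PIDs present under PROC_ROOT whose
# number never appears in the first column of PS_FILE.
hidden_pids() {
    [ -r "$2" ] || { echo "cannot read ps snapshot: $2" >&2; return 2; }
    candidates=$(proc_pids "$1" | awk -v psfile="$2" '
        BEGIN {
            # Load the PID column of the snapshot; the header line is skipped
            # because its first field ("PID") is not numeric.
            while ((getline line < psfile) > 0) {
                split(line, f, " ")
                if (f[1] ~ /^[0-9]+$/) seen[f[1]] = 1
            }
        }
        !($1 in seen)' | sort -n)
    # Second look: helper processes spawned above and short-lived processes
    # have exited by now, so only PIDs that still exist are reported.
    for pid in $candidates; do
        [ -d "$1/$pid" ] && printf '%s\n' "$pid"
    done
    return 0
}

# Live use (snapshot path is an assumption):
#   ps -ax > /tmp/ps.snapshot && hidden_pids /proc /tmp/ps.snapshot
# A long-running process started after the snapshot is also listed, so rerun
# with a fresh snapshot before treating a PID as hidden.
```

On a host that is already suspected of compromise, run this with sh, awk and sort from known-good media, since those binaries can be replaced just as ps was.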