On Sun, 23 Feb 2003 10:34:27 -0600, Bret Hughes wrote > On Sun, 2003-02-23 at 09:38, Mike Vanecek wrote: > > Someone has ftp'd a file to my incoming folder with the name: > > > > !! Just a Comment that you may want to READ.txt > > > > The file permissions were set as rw r r which obviously is not a good thing. > > Further, I am unable to less it or delete it. I did change the permissions to > > 000 by chmod 000 *. > > > > This is RH 7.1 running proftpd-xinetd, proftpd-1.2.2-3.5.swsoft. > > > > How to I get rid of the offending message? > > > > How do I prevent it from happening again? > > > > Thanks, Mike. > > > > as for the file, look at the extended attributes with lsattr I is > probably set with the i ( immutable) flag
lsattr is not installed on my system. An ls of the directory: [EMAIL PROTECTED] incoming]# d total 5.0k drwxrwx-wT 2 ftp ftp 1.0k Feb 22 18:55 ./ drwxr-xr-x 4 ftp ftp 1.0k Jan 7 21:52 ../ -rw-r--r-- 1 ftp ftp 1.2k Feb 22 18:55 !! Just a Comment that you may want to READ.txt -rw-r--r-- 1 root root 89 Jan 7 21:54 .message The long file name with !! has prevented me from doing anything with it except via a wildcard *. > chattr -whateverflag flag should remove whatever it is set to. chattr not installed on my system either. If it was, I do not know the syntax to override the long name with !! at the beginning. > As to the how, you have been hacked. There are lots of threads in this > list on what to do. to secure your box. > > See the archives at > > http://marc.theaimsgroup.com/?l=redhat-list Searched and found nothing relating to this problem. Also looked at the proftpd home page with no results. The file contains: [quote] I get lots of uploads and I always appreciate it so please don't think I'm complaining but, I have an index file in this dir, it can also be found at: www.ae.utexas.edu/~johnv/mp3 Please make use of this, load it, hit ctrl+f and search for what you're looking for, it's much quicker for you. So, if you're going to upload check that first to see if I've already got whatever you were planning to upload. Searching the index is by far the fastest way to find things. I spend a considerable amount of time trying to share music and making it easy for everyone, so good uploads are appreciated. Also, I normally leave unfinished albums in the uploads dir for a while in hopes that you will return to finish the upload. Unfinished uploads are a waste of your time and mine, please try to avoid it. Finally, I do give out accounts to random people.... best way to get my attention is offer me an account on your FTP server.... don't have one, well download the File List Creator in the login dir and make an index If you contact me, you'll get much better response if there's an e-mail with an index attached to it. Oh yeah, I really wouldn't recommend downloading from the uploads dir... most of what's in here is incomplete. This is just my opinion however. [/quote off] My transfer log shows: Sat Feb 22 18:55:42 2003 0 pc-80-193-233-222-en.blueyonder.co.uk 1269 /var/ftp/incoming/!!_Just_a_Comment_that_you_may_want_to_READ.txt a _ i a [EMAIL PROTECTED] ftp 0 * c Can anyone give me a bit more to go with? -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
