Hi Ritesh,
my guess is as follows:
you were hacked between 2005-11-20 and 2005-11-25.
this installed a perl script. those .fuhrer* files are related to
the hack and maybe useful as a signature of the attack.
someone hosted on maple.phpwebhosting.com is the at
On Fri, Nov 25, 2005 at 06:43:26PM +, Clive Menzies wrote:
> I read here recently about shutting out all ssh access other than your
> own but you need to be careful not to lock yourself out. You then need
> to close all the ports other than ssh. Not something I've ever done. It
> would also m
On Friday 25 Nov 2005 18:30, Derek "The Monkey" Wueppelmann wrote:
> On Fri, 2005-25-11 at 23:21 +0530, Ritesh Raj Sarraf wrote:
> > That is what got me confused at first. Since there's no /usr/sbin/httpd
> > binary in a Debian based apache installation I was wondering how this was
> > being shown.
On (25/11/05 13:30), Derek The Monkey Wueppelmann wrote:
> On Fri, 2005-25-11 at 23:21 +0530, Ritesh Raj Sarraf wrote:
> > That is what got me confused at first. Since there's no /usr/sbin/httpd
> > binary in a Debian based apache installation I was wondering how this was
> > being shown. And inter
On Fri, 2005-25-11 at 23:21 +0530, Ritesh Raj Sarraf wrote:
> That is what got me confused at first. Since there's no /usr/sbin/httpd
> binary in a Debian based apache installation I was wondering how this was
> being shown. And interestingly there was no /usr/sbin/httpd file present
> also.
If th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Derek "The Monkey" Wueppelmann on Friday 25 Nov 2005 23:10 wrote:
> On Fri, 2005-25-11 at 22:12 +0530, Ritesh Raj Sarraf wrote:
>> In my first mail, the logs showed a lot of "sh" defunct processes
>> executed from within apache. Is this an attempt to
On Fri, 2005-25-11 at 22:12 +0530, Ritesh Raj Sarraf wrote:
> In my first mail, the logs showed a lot of "sh" defunct processes executed
> from within apache. Is this an attempt to gain the shell through the web
> server ?
>
> Please suggest me what more should I look for and how to tackle this at