Re: [users@httpd] irc eggdrop exploit woes

2005-06-07 Thread Ivan Barrera A.
Using lsof to look through weird files is useful too.
dan wrote:
> Eben Goodman wrote:
>
>> I recently had an irc exploit on my server running this eggdrop relay
>> thing via apache. I was able to find the offending files and remove
>> them and the eggdrop processes went away for awhile, but n

Re: [users@httpd] irc eggdrop exploit woes

2005-06-06 Thread dan
Ivan Barrera A. wrote:
Using some packaged distro (as Fedora) is pretty easy:
rpm -VVV on each package, and reinstall the affected ones
(supposing that you have some binary replaced).
The eggdrop.. you can wipe it out of the disk
Eben Goodman wrote:
I actually know which user it got through on

Re: [users@httpd] irc eggdrop exploit woes

2005-06-06 Thread Ivan Barrera A.
Using some packaged distro (as Fedora) is pretty easy:
rpm -VVV on each package, and reinstall the affected ones
(supposing that you have some binary replaced).
The eggdrop.. you can wipe it out of the disk
Eben Goodman wrote:
> I actually know which user it got through on, it came in through an
>

Re: [users@httpd] irc eggdrop exploit woes

2005-06-06 Thread zcat
Eben Goodman wrote:
I actually know which user it got through on, it came in through an insecure php nuke application. I have since removed the nuke app, but the damage appears to be done, since this eggdrop crap is still running on the server. Is there a way to find, and remove the software

Re: [users@httpd] irc eggdrop exploit woes

2005-06-06 Thread dan
Eben Goodman wrote:
I recently had an irc exploit on my server running this eggdrop relay thing via apache. I was able to find the offending files and remove them and the eggdrop processes went away for awhile, but now they are back and try as I might I can't find any files that correspond to

Re: [users@httpd] irc eggdrop exploit woes

2005-06-06 Thread Eben Goodman
thanks for the help, found the files in /var/tmp... thanks again
Eben
Dan Mahoney, System Admin wrote:
On Mon, 6 Jun 2005, Eben Goodman wrote:
find / -user apache -print
-Dan
I actually know which user it got through on, it came in through an insecure php nuke application. I have since r

Re: [users@httpd] irc eggdrop exploit woes

2005-06-06 Thread Dan Mahoney, System Admin
On Mon, 6 Jun 2005, Eben Goodman wrote:
find / -user apache -print
-Dan
I actually know which user it got through on, it came in through an insecure php nuke application. I have since removed the nuke app, but the damage appears to be done, since this eggdrop crap is still running on the se

Re: [users@httpd] irc eggdrop exploit woes

2005-06-06 Thread Eben Goodman
I actually know which user it got through on, it came in through an insecure php nuke application. I have since removed the nuke app, but the damage appears to be done, since this eggdrop crap is still running on the server. Is there a way to find, and remove the software once it has found it

Re: [users@httpd] irc eggdrop exploit woes

2005-06-06 Thread Dan Mahoney, System Admin
On Mon, 6 Jun 2005, Eben Goodman wrote:
If you're doing multi-hosting, look into suexec. The fact that it runs CGIs as the user is kinda secondary to the fact that it shows you WHICH user uploaded the insecure script. For PHP scripts, I've had good luck running suPHP (which is not an offic

Re: [users@httpd] irc eggdrop exploit woes

2005-06-06 Thread Ivan Barrera A.
Yep. It is most probable that you were hacked through PHP. The most common way of "hacking" this way is abusing sites running PHP-Nuke, phpBB, and many other sites using "unsafe" programming techniques. If you look in the mailing archives, you can find lots of answers to this type of problem. (consi

[users@httpd] irc eggdrop exploit woes

2005-06-06 Thread Eben Goodman
I recently had an irc exploit on my server running this eggdrop relay thing via apache. I was able to find the offending files and remove them and the eggdrop processes went away for awhile, but now they are back and try as I might I can't find any files that correspond to this software. When