Re: Group permissions changed

From: Eduardo Tongson (propolice_at_gmail.com)
Date: 09/29/05

  • Next message: joop gerritse: "Re: Group permissions changed"
    Date: Thu, 29 Sep 2005 16:45:22 +0000
    To: focus-linux@securityfocus.com
    
    

    On 28 Sep 2005 18:33:24 -0000, sf_submit@yahoo.com <sf_submit@yahoo.com> wrote:
    > I posted this before on the security basics, but haven't recieved a response, and it worries me a bit, so I'm sending this to a few other groups in hopes that someone will have an idea about it.
    >
    > ---
    >
    > Fairly recently I noticed my ftp client wouldn't list files in certain directories on my server anymore - so I ssh'd in (it's dedicated), and did a ls -aFl on the files, hoping to see what the problem was - here are a few of the results:
    >
    > -rw-r--r-- 1 larry 503 371 2005-02-25 08:36 head.php
    > -rw-r--r-- 1 larry 48 873 2005-09-09 03:23 foot.php
    >
    > I never set the group ids to 503 or 48, so I checked just to make sure - and no groups with those ids even exist. Is there an exploit/tool that causes this, and should I be worried?
    >

    503 and 48 has [r] rights only no need to worry.
    Whoever uploaded the files probably had the owner/group preserved.

    > I checked the processes running, and everything seems to be OK - same with any processes connecting to the internet.

    Ask or check how these files are uploaded.

    --ed


  • Next message: joop gerritse: "Re: Group permissions changed"

    Relevant Pages

    • Re: Group permissions changed
      ... > I posted this before on the security basics, ... > response, and it worries me a bit, so I'm sending this to a few other ... Joop Gerritse ...
      (Focus-Linux)
    • Group permissions changed
      ... I posted this before on the security basics, but haven't recieved a response, and it worries me a bit, so I'm sending this to a few other groups in hopes that someone will have an idea about it. ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
      (Pen-Test)
    • Re: Help a stranded Platypus
      ... I'd actually intended to post this to ukrm, ... impressed with the quick response here. ... No worries. ... Jumpstart duly provided by what appeared to be an untidy clump of long black ...
      (uk.rec.motorcycles.classic)
    • Re: Best Kept Secrets
      ... The more I think about it the more it worries me. ... I'm glad I did go through old posts and that I ... >> get a response from this person in regards to my own question! ...
      (alt.computer.security)
    • Re: Best Kept Secrets
      ... The more I think about it the more it worries me. ... I'm glad I did go through old posts and that I ... >> get a response from this person in regards to my own question! ...
      (microsoft.public.security)