Re: Question about a (spam-)bot that creates subdirectories in /tmp
From: Jem Berkes (jb_at_users.pc9.org)
Date: 07/26/04
- In reply to: Sigmar Wiesmayr: "Question about a (spam-)bot that creates subdirectories in /tmp"
Date: 26 Jul 2004 16:38:29 GMT
> Does anybody know something about a bot or
> something similar?
>
> I've found a directory /tmp/,../ with the following content:
>
> This always can be found when the machine started to send masses
> of emails.

I don't know of a specific worm on UNIX that does this. From the uids I
would assume that someone has compromised your system via the web server,
and has been able to run arbitrary code. Perhaps a vulnerable CGI script or
old PHP version.

You should keep a backup copy of the hard drive for analysis, but your only
option for your Internet connected system is to wipe out everything and
install the OS again, this time making sure that all software is up to date
and unnecessary services are disabled.

-- Jem Berkes http://www.sysdesign.ca/
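
Added example, not part of the original message or written by either poster: a triage check that lists directories directly under /tmp whose names, like the `,..` in the quoted question, are easy to misread as `.` or `..` in a listing, and reports the owning account. The function names and the `WEB_USERS` account list are assumptions; adjust the list to the account your web server actually runs as.

```python
import os
import pwd
import re

# Names made only of dots, commas and whitespace are easy to misread as
# "." or ".." in `ls -a` output; ",.." from the post is one such name.
LOOKALIKE = re.compile(r"[.,\s]+")

# Assumed account names a web server commonly runs as (not from the post).
WEB_USERS = {"www-data", "apache", "httpd", "wwwrun", "nobody"}


def owner_name(uid):
    """Return the account name for uid, or the numeric uid as a string."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def find_disguised_dirs(root="/tmp", web_users=WEB_USERS):
    """Return sorted (path, owner, owned_by_web_user) tuples for
    look-alike directories directly under root."""
    hits = []
    for entry in os.scandir(root):  # scandir never yields "." or ".."
        # Do not follow symlinks: only real directories are reported.
        if not entry.is_dir(follow_symlinks=False):
            continue
        if not LOOKALIKE.fullmatch(entry.name):
            continue
        uid = entry.stat(follow_symlinks=False).st_uid
        owner = owner_name(uid)
        hits.append((entry.path, owner, owner in web_users))
    return sorted(hits)


if __name__ == "__main__":
    for path, owner, is_web in find_disguised_dirs():
        note = "web-server account" if is_web else "other account"
        # repr() makes trailing spaces and odd characters visible.
        print(f"{path!r}\towner={owner}\t({note})")
```

Run it against a read-only mount of the preserved disk copy by passing that mount's tmp directory as `root`, so the evidence is not modified.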