On Wed, 06 Jun 2012 12:20:51 -0300, francis picabia wrote:

> I think I've found a compromised user account.

Wow :-( How did they get in (unpatched application, password theft...)?

> This is on Debian but alien is installed. The attackers have not made a
> move yet, but have done some tests and kept their connections to
> scp/sftp to be unnoticed by last.

Kill them and correct the vulnerability >:-)

> There is a directory .rpmdb uploaded to their home directory. How could
> this be used to set up their software? I mean, is there a special angle
> they are aiming at which achieves a result they would not have realized
> by only using make on their sources?

That directory can be normal if you have alien installed. But if they have access to a shell they can run the usual commands that are available for a standard user.

Greetings,

--
Camaleón

