--On Wednesday, October 17, 2007 16:15:27 -0400 Josh Carroll <[EMAIL PROTECTED]> wrote:

The strangest thing is that I can't find sploger on my system. After a
reboot sploger doesn't appear anymore, which makes it stranger.

So you have done a:

find / -name sploger -type f

And nothing comes up? If that's the case, it sounds like it was a perl
script that was run, then subsequently removed from the file system.
Which sounds rather nefarious to me. You might want to check for
rootkits, etc.

If you google for "sploger+perl", all you get is stuff that looks like hacked websites being run as spam operations.

Look in /tmp for anything unusual, like directories named ". " or ".. " or similar. Look for oddly named files in /tmp, such as dp, xz, etc.

Look at your website logs carefully. I suspect a malicious script has been run through some exploit such as php or perl or an apache weakness.

Is all your software completely patched up to date?

--
Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
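
Added example, not part of the original message: a small sh function for the /tmp check described above. It lists entries whose names end or begin with whitespace (such as ". " or ".. ") or start with three dots, bracketing each path so trailing blanks are visible. The function name `odd_names` is hypothetical, and it assumes a find that supports `-mindepth` (FreeBSD and GNU find both do).

```shell
#!/bin/sh
# Added example: flag directory entries whose names are chosen to blend in
# with "." and ".." in a plain ls listing.

# odd_names DIR
#   Prints one line per suspicious entry under DIR, wrapped in [ ] so that
#   leading and trailing whitespace in the name can be seen.
odd_names() {
    dir=${1:-/tmp}
    # -mindepth 1 : never report the starting directory itself
    # *[[:space:]] : name ends in a space, tab, etc.  (". ", ".. ", "tmp ")
    # [[:space:]]* : name begins with whitespace      (" .", " cache")
    # ...*         : name begins with three dots      ("...", "....x")
    # Errors from unreadable subdirectories are discarded; run as root
    # if the whole tree has to be covered.
    find "$dir" -mindepth 1 \( \
            -name '*[[:space:]]' -o \
            -name '[[:space:]]*' -o \
            -name '...*' \
        \) -exec printf '[%s]\n' {} + 2>/dev/null
}

# When run as a script with an argument, scan that directory.
if [ "$#" -gt 0 ]; then
    odd_names "$1"
fi
```

Ordinary dotfiles such as `.hidden` and short names such as `dp` are not matched by these patterns, so those still need a manual look.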
