Hi there bill,
Here is a copy of the cron log, the cron was running every 2 minuets ,
the file was chown www:www , i have had a look in my groups and
passwords it looks like there are no new users or root users been made
there. I removed the cron and also removed the file y2kupdate, Google
has not much about the file or what it dose , i just know i have been
hacked. if you have any idea what this hack is and how to make sure it
is cleaned off please advise
Hope this helps
Feb 26 13:01:00 nemo /usr/sbin/cron[98198]: (www) CMD
(/usr/local/www/data-dist/vegadns/.system/samseng/y2kupdate >/dev/null 2>&1)
Bill Shupp wrote:
On Feb 25, 2008, at 3:03 AM, Michael Christie wrote:
Hi all just letting you all know that i had vega dns version 0.9.9.1
hacked on me. the attacker installed a file in the /src dir and some
how set up a cron to run the script it was some kind of spam email hack.
Now i am back to hand coding the data file until i can work out how
to lock it down more.
Micheal,
Please provide as many details as you can.
Thanks,
Bill