Re: hacked
- From: Steve Buehler <steve@xxxxxxxxxxxx>
- Date: Thu, 12 Oct 2006 00:55:51 -0500
At 12:39 AM 10/12/2006, you wrote:
>I can delete everything in the 2 directories, and edit/change the
>php.php file to empty it out because it was a php script that allowed
>someone to do anything on the server they wanted, but I can not for
>the life of me delete them. I thought maybe they replaced the
>/bin/rm file, but it does not appear to be a hacked "rm".
Run lsattr on the files. You might have to use chattr to allow you to
delete them.
No clue on the other stuff.
Yep, that was it. The hacker had the u and i bits set. It wasn't on the files or the sub-directories. It was on the main directory that was just a space. Kind of weird that I could delete all of the other files that where under that directory.
Thanks
Steve
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
- Follow-Ups:
- Re: hacked
- From: Vidiot
- Re: hacked
- References:
- hacked
- From: Steve Buehler
- Re: hacked
- From: Vidiot
- hacked
- Prev by Date: Re: hacked
- Next by Date: Re: hacked
- Previous by thread: Re: hacked
- Next by thread: Re: hacked
- Index(es):
Relevant Pages
|
