[clug] Need opinions about actions of an intruder...
Nedim Hadzimahmutovic
h.nedim at gmail.com
Thu Aug 10 09:18:23 GMT 2006
Hi,
at work an old RH 9 box, which was 'maintained' by a coworker, was
hacked. While I was debugging asterisk on that box, I noticed a
strange process. Later I examined /var/log/messages and noticed
someone logged as user 'news' with uid 0. We did a backup of files,
and also a complete reinstall of the box (FC4). The strange process was
this one:
root 7664 0.3 0.1 2024 884 ? S 13:35 0:00 sh -c lynx -dump "http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=130008016306" | grep @ >>
root 7665 1.6 0.2 4960 2280 ? S 13:35 0:00 lynx -dump http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=130008016306
What do you think the intruder was doing?
--
Linux Web Hosting Services
http://www.tophosting.ba