[clug] Need opinions about actions of an intruder...
Jim Watson
jim at amarooas.com.au
Thu Aug 10 09:40:03 GMT 2006
um, phishing?
On 10/08/2006, at 7:18 PM, Nedim Hadzimahmutovic wrote:
> Hi,
>
> at work an old RH 9 box, which was 'maintained' by a coworker, was
> hacked. While I was debugging asterisk on that box, I noticed a
> strange process. Later I examined /var/log/messages and noticed
> someone logged as user 'news' with uid 0. We did a backup of files,
> and also a compete reinstall of the box (FC4). The strange process was
> this one:
>
> root 7664 0.3 0.1 2024 884 ? S 13:35 0:00 sh -c
> lynx -dump "http://cgi.ebay.com/ws/eBayISAPI.dll?
> ViewItem&item=130008016306"
> | grep @ >>
> root 7665 1.6 0.2 4960 2280 ? S 13:35 0:00 lynx
> -dump http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=130008016306
>
> What do you think the intruder was doing?
>
> --
> Linux Web Hosting Services
> http://www.tophosting.ba
> --------------------------------------------
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
More information about the linux
mailing list