From: Anastasios Tsiolakidis <none@sokratis.dk--gmail.com.lh.bsd-dk.dk> Date: Sun, 12 Dec 2010 14:05:37 +0100 Subject: Re: Er min server blevet hacket? To: bsd-dk@bsd-dk.dk
2010/12/12 Sven Esbjerg <none@list0--xbsd.net.lh.bsd-dk.dk>:
> On Sun, Dec 12, 2010 at 01:17:18PM +0100, Sven Esbjerg wrote:
>> On Sun, Dec 12, 2010 at 12:25:43PM +0100, Jette Derriche wrote:
>> > fstat afslørede synderne:
>> >
>> > ---------------------------------------
>> > 1 USER CMD PID FD MOUNT INUM MODE SZ|DV R/W
>> > 987 root zgcqesjovzlqfeo 2710 320* internet stream tcp c31f4278-
>> > [...]
>> > 61 root jdauyqkcwxsowzx 2731 5* internet stream tcp c2fb84f0
>> > [...]
>> > 1280 root vopnnrxxixfneke 2709 18* internet stream tcp c3026000
>> > ---------------------------------------
>>
>> 2. disse programmer som kører - kører de som root eller fx som webserveren?
>
> Ehhh.... nærlæste lige... og svarer mig selv.
>
> Så du er blevet root'et. Du bør arbejde mod at reinstallere og starte forfra.
I think you should upload the offending executables somewhere so we
can have a closer look, they may be known of course to antivirus
programs.
AT
This archive was generated by hypermail 2b30 : Fri 31 Dec 2010 - 23:00:01 CET