OT. Have I been hacked? IRCD?

Alexander Dalloz ad+lists at uni-x.org
Tue Dec 14 01:24:46 UTC 2004


Am Di, den 14.12.2004 schrieb mark at onnow.net um 1:02:

> I found d0s3.txt in my /tmp dir.  
> 
> Not sure how it got there.  Found this too:

Its the temporary directory for a lot of applications.

> Here is the log file from error_log.1
> 
> --19:21:21-- http://@#!@#!@#!@#!yeah.freesuperhost.com/d0s3.txt
> => `d0s3.txt'
> Resolving @#!@#!@#!@#!yeah.freesuperhost.com... done.
> Connecting to @#!@#!@#!@#!yeah.freesuperhost.com[70.84.229.131]:80...
> connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 20,419 [text/plain]
> 
> 0K .......... ......... 100% 74.68 KB/s
> 
> 19:21:23 (74.68 KB/s) - `d0s3.txt' saved [20419/20419]

Someone got that file from a remote 'free' webhost. Looks suspicious
just from used names.

Are you sure you have your users under control? Ever run tools like
nettop or iptraf to see what makes how much traffic?

> Mark

Alexander


-- 
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.9-1.6_FC2smp 
Serendipity 02:21:01 up 3 days, 21:01, load average: 0.51, 0.58, 0.75 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20041214/f7a71f17/attachment-0002.bin 


More information about the users mailing list