Server compromissed

Bernd Radinger bradinger at
Fri Feb 18 14:08:47 UTC 2005

On Thu, 17 Feb 2005 22:20:02 -0800 (PST), paul at
<paul at> wrote:
> Apparently someone has hacked into my webserver.  And is installing perl
> scripts into he /tmp/ directory.  There usually named .linuxday* or
> .cinta* and a few other names as well.
> >From what I can tell something is causing apache to run a command like "sh
> wget -O {the above mentioned files are than listed}"
> sometimes the site is
> I'm curious if anyone has heard about this before.  I'm currently running
> Fedora 1  with all the latests security patches.

fc1 has reached EOL some time ago, and only fedora legacy releases
additional updates for it. could be that you are vulnerable because
some fixes are missing. also could be that your web pages are
insecure. php or perl pages maybe?


More information about the users mailing list