Quote:
Originally Posted by WeMasterz5
ok... this is getting silly.... dont mind me I am getting frustrated with this
have done most if everything from these forums to secure server.. the last week or so I am getting files written to the /tmp dir that is doing something to crash the server
-rw-r--r-- 1 nobody nobody 110 Jun 23 16:32 own.c
int getuid() { return 0; }
int geteuid() { return 0; }
int getgid() { return 0; }
int getegid() { return 0; }
-rwxr-xr-x 1 nobody nobody 4587 Jun 23 16:31 own.so*
--wxrw--wt 1 nobody nobody 19258 Jun 23 16:29 r0nin*
suggestions... please
|
haha.. people are still using lsroot.c I see. Your box is getting forkbombed by a clueless ./kiddie who is likely exploiting a web application (as noted by the uid.gid nobody.nobody), and thinks that they're rooting your box when running the "own" script (or, more specifically, whatever script that is creating the own.so shared object).
See this:
interesting
and you can either hire an admin to figure out how the attacker is accessing your box (recommended), or start digging through your domain logs for activity on June 23rd around 16:29 - 16:31. Let us know if you find anything interesting!