brumie

Active Member
Dec 9, 2003
42
0
156
What counts as weird or unusual files/dirs?
files that are executable

on xmas day, my friend's server almost got hacked
u should check for weird files like these:

so far we found these kinds of files in /tmp on several servers:
.xcgi
r00t
w00t
xp
xmas
gift
r0nin
anyname.c --> C code that can be compiled with cc

i'm sure there must be lots of ways they try to hack
sometimes they also make a directory with a name pretending to be a session file

-rw------- 1 nobody nobody 0 Dec 29 10:51 sess_f7139ec439e5ad737c9c22723b140123
drwxr-xr-x 2 nobody nobody 4096 Dec 29 16:41 sess_f7139ec439e5ad737c9c22723b140xxx
-rw------- 1 nobody nobody 435 Dec 28 23:42 sess_fa205a6f3a4b7a5d3a3affb915522456

see the permission drwxr-xr-x
that's a directory, the man that got into our server did it that way, i couldn't believe it when i entered that directory and found many executable files there

anyway that was a little story of my nightmares, i'm moving to another provider that helped me a lot with securing my box and watching like a hawk :D
oh yeah i can sleep better....

suggestion: search this forum for threads about securing your box

set tmp with noexec:
http://forums.ev1servers.net/showthread.php?threadid=27771

correct me if i'm wrong
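
The signs described in the post above (a directory posing as a `sess_*` session file, executable files and C source under /tmp) can be checked with `find`. This is an added example, not code from the thread; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report entries in a temp directory that match the signs
# described in the post. Usage: scan_tmp DIR   (DIR defaults to /tmp)

scan_tmp() {
    dir="${1:-/tmp}"
    # PHP session files are regular files; anything else named sess_* is a decoy.
    find "$dir" -xdev -name 'sess_*' ! -type f \
        -exec printf 'NOT_A_SESSION_FILE %s\n' {} \; 2>/dev/null
    # Regular files with any execute bit set (owner, group or other).
    find "$dir" -xdev -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec printf 'EXECUTABLE %s\n' {} \; 2>/dev/null
    # C source left behind to be compiled on the box.
    find "$dir" -xdev -type f -name '*.c' \
        -exec printf 'C_SOURCE %s\n' {} \; 2>/dev/null
    return 0
}

# Constructed sample tree mirroring the listing in the post; names are made up.
demo_tree() {
    d=$(mktemp -d) || return 1
    : > "$d/sess_aaaa"                       # ordinary empty session file
    chmod 600 "$d/sess_aaaa"
    mkdir "$d/sess_bbbb"                     # directory posing as a session file
    printf '#!/bin/sh\n' > "$d/sess_bbbb/tool"
    chmod 755 "$d/sess_bbbb/tool"            # executable hidden inside it
    printf 'int main(void){return 0;}\n' > "$d/anyname.c"
    chmod 644 "$d/anyname.c"
    printf '%s\n' "$d"
}

# Run the scan against the constructed tree, then clean up.
sample=$(demo_tree)
scan_tmp "$sample"
rm -rf "$sample"
```

On a real server, run `scan_tmp /tmp` as root so `find` can read every subdirectory. With /tmp mounted noexec, as the post suggests, a hit still shows that something wrote there.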
 

B12Org

Well-Known Member
Jul 15, 2003
691
1
168
Seattle Washington
cPanel Access Level
Root Administrator
That file that you referenced is an empty text file. Looks like whatever it was, it's gone now. My experience was with a group calling themselves "techteam". Some hackers they were, they had to make their web page with frontpage :D :D