marquischan Tux's lil' helper
Joined: 19 Mar 2005 Posts: 108
didymos Advocate
Joined: 10 Oct 2005 Posts: 4798 Location: California
Posted: Thu Nov 29, 2007 4:23 pm
Well, see the "#!/usr/bin/perl" at the beginning?
_________________
Thomas S. Howard
marquischan Tux's lil' helper
Joined: 19 Mar 2005 Posts: 108
Posted: Thu Nov 29, 2007 4:45 pm
I found this file in my system ~~
tcd n00b
Joined: 08 Aug 2007 Posts: 11
Posted: Thu Nov 29, 2007 7:04 pm
marquischan wrote: I found this file in my system ~~
Looks like you're at serious risk of being rootkit'ed by another useless script kiddie. Or you already are.
ToeiRei Veteran
Joined: 03 Jan 2005 Posts: 1191 Location: Austria
Posted: Fri Nov 30, 2007 1:02 am
another ircbot...
As you don't know what things already have been modified, I'd recommend a fresh install.
Rei
_________________
Please stand by - The mailer daemon is busy burning your messages in hell...
marquischan Tux's lil' helper
Joined: 19 Mar 2005 Posts: 108
Posted: Fri Nov 30, 2007 2:12 am
Can it take my root privilege?
Mantaar Apprentice
Joined: 17 May 2007 Posts: 219
Posted: Fri Nov 30, 2007 3:01 am
marquischan wrote: Can it take my root privilege?
Depends. Where did you find the file (in what directory)?
It's not always necessary to re-install a system where the kid didn't really compromise the machine that hard - like when he only got into your user's writable space. Then it should be sufficient to wipe all dotfiles and startup scripts. But a fresh reinstall is always the safe way to go.
_________________
Error compiling committee.c: too many arguments to function.
ToeiRei Veteran
Joined: 03 Jan 2005 Posts: 1191 Location: Austria
Posted: Fri Nov 30, 2007 1:57 pm
In theory, such bots include a telnet server. They start running as the unprivileged user they have been injected (i.e. apache).
Now if someone got an exploit for the software running on your machine, it would even be possible to gain root privileges.
Rei
_________________
Please stand by - The mailer daemon is busy burning your messages in hell...
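
Added example, not part of the original thread: a small triage script for the situation discussed above, where the giveaway was a "#!/usr/bin/perl" first line and such bots run as an unprivileged service user such as apache. It lists files whose first line is a shebang for a given interpreter, together with the owning account; the function name, the output format and the directories in the usage comment are assumptions made for this example.

```shell
#!/bin/sh
# Added triage example (not from the thread): list files under the given
# directories whose first line is a shebang naming the given interpreter.
# Function name and output format are assumptions made for this example.
# Caveat: paths that contain newlines are not handled by the read loop.
find_shebang_scripts() {
    interp=$1
    shift
    # -xdev: stay on one filesystem; -type f: regular files only.
    find "$@" -xdev -type f 2>/dev/null | while IFS= read -r f; do
        # Read only the first 128 bytes so large binaries are cheap to skip;
        # strip NUL bytes so the shell variable can hold the value.
        first=$(head -c 128 "$f" 2>/dev/null | tr -d '\000' | head -n 1)
        case $first in
            '#!'*"$interp"*)
                # The owner shows which account wrote the file, for example
                # the web server user rather than a login user.
                owner=$(ls -ld -- "$f" | awk '{print $3}')
                printf '%s\t%s\n' "$owner" "$f"
                ;;
        esac
    done
}

# Stand-alone use (directories are examples):
#   sh scan.sh perl /tmp /var/tmp /dev/shm
if [ "$#" -ge 2 ]; then
    find_shebang_scripts "$@"
fi
```

A hit owned by a service account in a world-writable directory is a lead to investigate, not proof of compromise; legitimate packages also install Perl scripts.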
marquischan Tux's lil' helper
Joined: 19 Mar 2005 Posts: 108
Posted: Tue Dec 18, 2007 5:37 am
I have reinstalled the system, can you name me some exploit tools for me to test the security of my system?
As I am not doing Gentoo updates frequently ... That may have been the reason they can come in !!
Anarcho Advocate
Joined: 06 Jun 2004 Posts: 2970 Location: Germany
Posted: Tue Dec 18, 2007 7:34 am
marquischan wrote: I have reinstalled the system, can you name me some exploit tools for me to test the security of my system? As I am not doing Gentoo updates frequently ... That may have been the reason they can come in !!
As a start I would regularly run "glsa-check". It checks your Gentoo packages for security-related updates.
_________________
...it's only Rock'n'Roll, but I like it!
djinnZ Advocate
Joined: 02 Nov 2006 Posts: 4831 Location: somewhere in L.O.S.
Posted: Tue Dec 18, 2007 11:36 am
Take a look at chkrootkit, foremost, rkhunter or samhain in app-forensics, and at glsa-check.
_________________
scita et risus abundant in ore stultorum sed etiam semper severi insani sunt
mala tempora currunt...mater stultorum semper pregna est
Murphy's Law: If anything can go wrong, it will - O'Toole's Corollary: Murphy was an optimist