Date: Wed, 24 Jul 2002 19:41:50 -0400 From: "sagacious" <sagacious@unixhideout.com> To: <freebsd-questions@freebsd.org> Subject: heh Message-ID: <000601c2336b$aea3e8d0$0a01a8c0@MIKESBOX>
index | next in thread | raw e-mail
[-- Attachment #1 --] There is a file in my website root called ?* I knew I didn't make the file so I made a test directory called foo went into it and touched some quick files and directories. I typed rm ?* and sure as I thought it deleted all the test files. Someone really has it out for me lately. I think my box has been compromised and im not sure where to start. They got in via that god damn sshd exploit so I closed the port in my router. How do I remove this file without messing up my box. sagacious (Mike) Network administrator The unixhideout network http://www.unixhideout.com [-- Attachment #2 --] <html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">; <head> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"> <meta name=ProgId content=Word.Document> <meta name=Generator content="Microsoft Word 10"> <meta name=Originator content="Microsoft Word 10"> <link rel=File-List href="cid:filelist.xml@01C2334A.27584D10"> <!--[if gte mso 9]><xml> <o:OfficeDocumentSettings> <o:DoNotRelyOnCSS/> </o:OfficeDocumentSettings> </xml><![endif]--><!--[if gte mso 9]><xml> <w:WordDocument> <w:SpellingState>Clean</w:SpellingState> <w:GrammarState>Clean</w:GrammarState> <w:DocumentKind>DocumentEmail</w:DocumentKind> <w:EnvelopeVis/> <w:Compatibility> <w:BreakWrappedTables/> <w:SnapToGridInCell/> <w:WrapTextWithPunct/> <w:UseAsianBreakRules/> </w:Compatibility> <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel> </w:WordDocument> </xml><![endif]--> <style> <!-- /* Font Definitions */ @font-face {font-family:"Lucida Console"; panose-1:2 11 6 9 4 5 4 2 2 4; mso-font-charset:0; mso-generic-font-family:modern; mso-font-pitch:fixed; mso-font-signature:-2147482993 6144 0 0 31 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} a:link, span.MsoHyperlink {color:blue; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline; text-underline:single;} span.EmailStyle17 {mso-style-type:personal-compose; mso-style-noshow:yes; mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt; font-family:"Lucida Console"; mso-ascii-font-family:"Lucida Console"; mso-hansi-font-family:"Lucida Console"; color:black; font-weight:normal; font-style:normal; text-decoration:none; text-underline:none; text-decoration:none; text-line-through:none;} span.SpellE {mso-style-name:""; mso-spl-e:yes;} span.GramE {mso-style-name:""; mso-gram-e:yes;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} --> </style> <!--[if gte mso 10]> <style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman";} </style> <![endif]--> </head> <body lang=EN-US link=blue vlink=purple style='tab-interval:.5in'> <div class=Section1> <p class=MsoNormal><font size=2 color=black face="Lucida Console"><span style='font-size:10.0pt;font-family:"Lucida Console";color:black'>There is a file in my website root <span class=GramE>called ?*</span><o:p></o:p></span></font></p> <p class=MsoNormal><font size=2 color=black face="Lucida Console"><span style='font-size:10.0pt;font-family:"Lucida Console";color:black'><o:p> </o:p></span></font></p> <p class=MsoNormal><font size=2 color=black face="Lucida Console"><span style='font-size:10.0pt;font-family:"Lucida Console";color:black'>I knew I didn’t make the file so I made a test directory called <span class=SpellE>foo</span> went into it and touched some quick files and directories. I typed <span class=SpellE><span class=GramE>rm</span></span><span class=GramE> ?</span>* and sure as I thought it deleted all the test files. Someone really has it out for me lately. I think my box has been compromised and <span class=SpellE>im</span> not sure where to start. They got in via that god damn <span class=SpellE>sshd</span> exploit so I closed the port in my router. How do I remove this file without messing up my box.<o:p></o:p></span></font></p> <p class=MsoNormal><font size=2 color=black face="Lucida Console"><span style='font-size:10.0pt;font-family:"Lucida Console";color:black'><o:p> </o:p></span></font></p> <p class=MsoNormal><font size=2 color=black face="Lucida Console"><span style='font-size:10.0pt;font-family:"Lucida Console";color:black;mso-no-proof: yes'>sagacious (Mike)</span></font><font color=black><span style='color:black; mso-no-proof:yes'><o:p></o:p></span></font></p> <p class=MsoNormal><font size=2 color=black face="Lucida Console"><span style='font-size:10.0pt;font-family:"Lucida Console";color:black;mso-no-proof: yes'>Network administrator</span></font><font color=black><span style='color:black;mso-no-proof:yes'><o:p></o:p></span></font></p> <p class=MsoNormal><font size=2 color=black face="Lucida Console"><span style='font-size:10.0pt;font-family:"Lucida Console";color:black;mso-no-proof: yes'>The unixhideout network</span></font><font color=black><span style='color:black;mso-no-proof:yes'><o:p></o:p></span></font></p> <p class=MsoNormal><font size=2 color=black face="Lucida Console"><span style='font-size:10.0pt;font-family:"Lucida Console";color:black;mso-no-proof: yes'><a href="http://www.unixhideout.com">http://www.unixhideout.com</a></span></font><o:p></o:p></p>; <p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size: 12.0pt'><o:p> </o:p></span></font></p> </div> </body> </html>help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000601c2336b$aea3e8d0$0a01a8c0>