Date:      Wed, 24 Jul 2002 19:41:50 -0400
From:      "sagacious" <sagacious@unixhideout.com>
To:        <freebsd-questions@freebsd.org>
Subject:   heh
Message-ID:  <000601c2336b$aea3e8d0$0a01a8c0@MIKESBOX>

There is a file in my website root called ?*
 
I knew I didn't make the file, so I made a test directory called foo, went
into it, and touched some quick files and directories. I typed rm ?* and,
sure as I thought, it deleted all the test files. Someone really has it
out for me lately. I think my box has been compromised and I'm not sure
where to start. They got in via that god damn sshd exploit so I closed
the port in my router. How do I remove this file without messing up my
box?
 
sagacious (Mike)
Network administrator
The unixhideout network
http://www.unixhideout.com
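
The behaviour described in the message above, as an added example that is not part of the original post: unquoted, `?*` is a shell pattern matching every non-dot name of one or more characters, while a quoted `'?*'` names only the one odd file. The function names and the choice to move the entry into a separate directory (instead of deleting it) are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names and paths are hypothetical.

# count_glob_matches DIR
# Prints how many entries in DIR the UNQUOTED pattern ?* expands to,
# i.e. what "rm ?*" would have been handed as arguments.
count_glob_matches() {
    (
        cd "$1" || exit 1
        set -- ?*                      # unquoted: the shell expands it
        # With no match the pattern is left as the literal string "?*".
        if [ -e "$1" ] || [ -L "$1" ]; then echo "$#"; else echo 0; fi
    )
}

# quarantine_literal DIR NAME DEST
# Moves the single entry in DIR whose name is exactly NAME into DEST.
# NAME is always quoted, so '?' and '*' are ordinary characters here.
quarantine_literal() {
    dir=$1 name=$2 dest=$3
    target="$dir/$name"                # path prefix also guards a leading '-'
    if [ ! -e "$target" ] && [ ! -L "$target" ]; then
        echo "no entry named exactly '$name' in $dir" >&2
        return 1
    fi
    mkdir -p "$dest" || return 1
    # Record owner, mode, size and timestamp before the entry is touched.
    ls -lid -- "$target" >> "$dest/manifest.txt" || return 1
    # Store it under a name with no shell metacharacters.
    inode=$(ls -id -- "$target" | awk '{print $1}')
    if [ -e "$dest/inode-$inode" ]; then
        echo "refusing to overwrite $dest/inode-$inode" >&2
        return 1
    fi
    mv -- "$target" "$dest/inode-$inode"
}

# Usage (paths are placeholders):
#   count_glob_matches /path/to/webroot
#   quarantine_literal /path/to/webroot '?*' /path/to/evidence
```
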
 
