Date: Wed, 2 Aug 2000 09:36:14 +0530
From: Rahul Siddharthan <rsidd@physics.iisc.ernet.in>
To: Glenn McCalley <freebsd@mail.bnetmd.net>
Cc: Josh Paetzel <jpaetzel@hutchtel.net>, freebsd-questions@FreeBSD.ORG
Subject: Re: What the heck is -this- file?
Message-ID: <20000802093614.D3000@physics.iisc.ernet.in>
In-Reply-To: <Pine.BSF.4.21.0008012222060.18902-100000@mail.bnetmd.net>; from freebsd@mail.bnetmd.net on Tue, Aug 01, 2000 at 10:28:09PM -0400
References: <012301bffc28$bdd3a9c0$48440ace@mark8> <Pine.BSF.4.21.0008012222060.18902-100000@mail.bnetmd.net>

I've seen such things with a corrupted hard disk. Try unmounting it
and forcibly fsck-ing it.

Glenn McCalley said on Aug 1, 2000 at 22:28:09:
>
> Malicious - my first thought as well. This machine is a box leased to a
> single client with maybe 6 ID's on it, so if it's someone not nice I'd say
> it's coming from outside. Tried my best to see if there really -is- some
> file content there despite the 0 byte count but couldn't see anything. Oh
> well, suppose it's time for them to do the security review.
>
> Thanks!
> Glenn.
>
> On Tue, 1 Aug 2000, Josh Paetzel wrote:
>
> >
> > ----- Original Message -----
> > From: "Glenn McCalley" <freebsd@mail.bnetmd.net>
> > To: "Josh Paetzel" <jpaetzel@hutchtel.net>
> > Cc: <freebsd-questions@FreeBSD.ORG>
> > Sent: Tuesday, August 01, 2000 8:59 PM
> > Subject: Re: What the heck is -this- file?
> >
> >
> > >
> > > Ahhh, but you don't understand...
> > > That's just the point - the "gobblygook" -is- the file name as shown by
> > > "ls -l"
> > > Glenn.
> > >
> >
> > In that case I would start to wonder about the integrity of my system from
> > either a hardware standpoint, or perhaps a malicious "user" standpoint.
> >
> >
> > > On Tue, 1 Aug 2000, Josh Paetzel wrote:
> > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Glenn McCalley" <freebsd@mail.bnetmd.net>
> > > > To: <freebsd-questions@FreeBSD.ORG>
> > > > Sent: Tuesday, August 01, 2000 7:56 PM
> > > > Subject: What the heck is -this- file?
> > > >
> > > >
> > > > >
> > > > > What??!!
> > > > > Just poking around and found the following file entry in /apache/htdocs:
> > > > >
> > > > > -rwsr-sr-t 1 root wheel 0 Mar 28 15:33 J-=FFyq>=F6tn0=1D=EA?
> > > > > =EE=D3=A5~o=A8Q=8D=11R>s=D5:N5Y;=CDjO=BB=FA=D5-Ou=C58DW=C7<=D9=A25ln}e8$=E2=E2'Y=F6E"=AEcFk=BA=F6=A1=04
> > > > > =F5=CDfC=EBa=D6R s
> > > > >
> > > > > Kinda odd that it's suid, owned by root, with a sticky bit set? -0-
> > > > > bytes in size? Is that right?
> > > > >
> > > > > I was able to delete it, but other than sunspots, any thoughts on how it
> > > > > got there?
> > > > >
> > > > > Thanks!
> > > > > Glenn.
> > > > >
> > > >
> > > > I don't know, but hopefully the same thing that made that file didn't put
> > > > the gobblygook into your email as well. :)
> > > >
> > > > Josh
> >
> >
> >
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
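
The entry Glenn describes (a zero-length regular file with setuid, setgid and sticky bits, owned by root, whose name is non-printable bytes) can be searched for across a whole tree. This is an added example, not part of the original thread; the function names are illustrative, and the printable-ASCII rule is an assumption that will also flag legitimate non-ASCII file names.

```python
import os
import stat

PRINTABLE = set(range(0x20, 0x7F))  # assumption: only printable ASCII is "normal"

def classify(name: bytes, st: os.stat_result) -> list:
    """Return the reasons a regular file resembles the entry in the thread."""
    reasons = []
    if st.st_mode & stat.S_ISUID:
        reasons.append("setuid")
    if st.st_mode & stat.S_ISGID:
        reasons.append("setgid")
    if st.st_mode & stat.S_ISVTX:
        reasons.append("sticky")
    if any(b not in PRINTABLE for b in name):
        reasons.append("non-printable-name")
    # Size and owner are only interesting once something else is already odd.
    if reasons and st.st_size == 0:
        reasons.append("zero-length")
    if reasons and st.st_uid == 0:
        reasons.append("root-owned")
    return reasons

def audit_tree(root) -> list:
    """Walk root using byte paths so undecodable names are reported, not skipped."""
    findings = []
    for dirpath, _dirs, files in os.walk(os.fsencode(root)):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            if not stat.S_ISREG(st.st_mode):
                continue
            reasons = classify(name, st)
            if reasons:
                findings.append((path, oct(stat.S_IMODE(st.st_mode)), reasons))
    return findings

if __name__ == "__main__":
    import sys
    for path, mode, reasons in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        # repr() escapes control bytes so the report cannot garble a terminal
        print(mode, repr(path), ",".join(reasons))
```

A file that trips several of these checks at once on a volume that also fails `fsck` points toward the disk corruption suggested in the reply; the same pattern on a clean filesystem is a reason to proceed with the security review.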