Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 2 Aug 2000 09:36:14 +0530
From:      Rahul Siddharthan <rsidd@physics.iisc.ernet.in>
To:        Glenn McCalley <freebsd@mail.bnetmd.net>
Cc:        Josh Paetzel <jpaetzel@hutchtel.net>, freebsd-questions@FreeBSD.ORG
Subject:   Re: What the heck is -this- file?
Message-ID:  <20000802093614.D3000@physics.iisc.ernet.in>
In-Reply-To: <Pine.BSF.4.21.0008012222060.18902-100000@mail.bnetmd.net>; from freebsd@mail.bnetmd.net on Tue, Aug 01, 2000 at 10:28:09PM -0400
References:  <012301bffc28$bdd3a9c0$48440ace@mark8> <Pine.BSF.4.21.0008012222060.18902-100000@mail.bnetmd.net>
next in thread | previous in thread | raw e-mail | index | archive | help 

I've seen such things with a corrupted hard disk.  Try unmounting it
and forcibly fsck-ing it. 

Glenn McCalley said on Aug  1, 2000 at 22:28:09:
> 
> Malicious - my first thought as well.  This machine is a box leased to a 
> single client with maybe 6 ID's on it, so if it's someone not nice I'd say
> it's coming from outside.  Tried my best to see if there really -is- some
> file content there despite the 0 byte count but couldn't see anything.  Oh
> well, suppose it's time for them to do the security review.
> 
> Thanks!
> Glenn.
> 
> On Tue, 1 Aug 2000, Josh Paetzel wrote:
> 
> > 
> > ----- Original Message -----
> > From: "Glenn McCalley" <freebsd@mail.bnetmd.net>
> > To: "Josh Paetzel" <jpaetzel@hutchtel.net>
> > Cc: <freebsd-questions@FreeBSD.ORG>
> > Sent: Tuesday, August 01, 2000 8:59 PM
> > Subject: Re: What the heck is -this- file?
> > 
> > 
> > >
> > > Ahhh, but you don't understand...
> > > That's just the point - the "gobblygook" -is- the file name as shown by
> > >  "ls -l"
> > > Glenn.
> > >
> > 
> > In that case I would start to wonder about the integrity of my system from
> > either a hardware standpoint, or perhaps a malicious "user" standpoint.
> > 
> > 
> > > On Tue, 1 Aug 2000, Josh Paetzel wrote:
> > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Glenn McCalley" <freebsd@mail.bnetmd.net>
> > > > To: <freebsd-questions@FreeBSD.ORG>
> > > > Sent: Tuesday, August 01, 2000 7:56 PM
> > > > Subject: What the heck is -this- file?
> > > >
> > > >
> > > > >
> > > > > What??!!
> > > > > Just poking around and found the following file entry in
> > /apache/htdocs:
> > > > >
> > > > > -rwsr-sr-t   1 root     wheel           0 Mar 28 15:33 J-yq>tn0?
> > > > > ӥ~oQR>s:N5Y;jO-Ou8DW<٢5ln}e8$'YE"cFk
> > > > > fCaR s
> > > > >
> > > > > Kinda odd that it's suid, owned by root, with a sticky bit set?  -0-
> > > > > bytes in size?  Is that right?
> > > > >
> > > > > I was able to delete it, but other than sunspots, any thoughts on how
> > it
> > > > > got there?
> > > > >
> > > > > Thanks!
> > > > > Glenn.
> > > > >
> > > >
> > > > I don't know, but hopefully the same thing that made that file didn't
> > put
> > > > the gobblygook into you email as well. :)
> > > >
> > > > Josh
> > 
> > 
> > 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000802093614.D3000>