maximilian attems wrote:
On Thu, 18 Sep 2003, Christian Storch wrote:Don't forget to try to find the potential hole first! Otherwise you could have a fast recurrence. [..]in /etc/.rpn theres a .bash_history with the following content:id mkdir /etc/.rpn ps -aux ps -aux | grep tbk kill -15292 pid kill 15292 netconf locate httpd.conf cd /etc/.rpn ls -al wget cd /var/www/cncmap/www/upload/renegade ls -al rm -rf phpshell.php^__________^ was this the exploited hole ?
I think so. In fact the problem is that it got there... regards Markus