On Tue, 2003-06-24 at 21:36, Elizabeth Barham wrote:
> Shri writes:
>
> > The program was called bd.c and was created on June the 6, so all
> > the logs I have are too new to be able to do any real kind of
> > tracking down.
>
> Does the code in:
>
> http://kaizo.org/mirrors/phrack/phrack58/p58-0x07
>
> look familiar? One of the source files is named bd.c ("backdoor").

Nope. The stuff in there seems a lot more complex than the code I
encountered which was no bigger than about a page. I don't think that it
had that many includes either. From what I remember, its sole purpose
was to give a shell on port 5000.

I also found a few php scripts which gave shell access to the box as the
www-data user. All very worrying. I had disabled module support within
the kernel which might have been one thing that saved my ass.

Thanks for your time and any further help greatly appreciated.

Shri
--
------------------------------------------------------------------------
Shri Shrikumar U R Byte Solutions Tel: 0845 644 4745
I.T. Consultant Edinburgh, Scotland Mob: 0773 980 3499
Web: www.urbyte.com Email: shri@urbyte.com