arodriguez31@cfl.rr.com wrote: > Access: (0660/-rw-rw----) Uid: ( 33/www-data) Gid: ( 33/www-data) Do this: $ grep 33 /mnt/debian/etc/passwd $ grep 33 /mnt/debian/etc/group and email the user with uid 33 and the group with gid 33. If it actually is www-data/www-data, then you've probably been h4x0r3d, if it's bin/bin, then I'm just confused. Also, look around for a root-kit sniffer in knoppix and use it if you find one, this looks like either a break in or a really stupid mistake (no offense). -- -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GAT/CM$/CS>$/CC/IT$/M/S/O/U dpu s+:++ !a C++$>C+++$ UB+++>++++$L++++$*-- P+>++$ L+++(++++)$ E-(---) W+++>$ N(+) o? K- w--(---) O? M V? PS++@ PE-@ Y+@ PGP++(+++)>$ t? 5? X? R tv--(-) b++(+++)@ DI? D? G e->++++ h* r? z* ------END GEEK CODE BLOCK------ David Mandelberg webmaster@eth0.is-a-geek.org
Attachment:
signature.asc
Description: OpenPGP digital signature