Re: HELP!!!, can't login even as root
yeap, it is www-data. See next
www-data:x:33:33:www-data:/var/www/:/bin/sh
and
www-data:x:33:
It probably hapenned by allowing uploading of pictures through a perl script to my server without proper security. STUPID mistake, if it is the reason. And more stupid, if another mistake of mine.
That h-thing is what, a code for what?
Where can I read about this? Whats next step, wipe it all? What damage it could have done?
Thank you guys for all.
arodriguez31@cfl.rr.com wrote:
> Access: (0660/-rw-rw----) Uid: ( 33/www-data) Gid: ( 33/www-data)
Do this:
$ grep 33 /mnt/debian/etc/passwd
$ grep 33 /mnt/debian/etc/group
and email the user with uid 33 and the group with gid 33. If it actually
is www-data/www-data, then you've probably been h4x0r3d, if it's
bin/bin, then I'm just confused.
Also, look around for a root-kit sniffer in knoppix and use it if you
find one, this looks like either a break in or a really stupid mistake
(no offense).
--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT/CM$/CS>$/CC/IT$/M/S/O/U dpu s+:++ !a C++$>C+++$
UB+++>++++$L++++$*-- P+>++$ L+++(++++)$ E-(---) W+++>$ N(+) o? K-
w--(---) O? M V? PS++@ PE-@ Y+@ PGP++(+++)>$ t? 5? X? R tv--(-)
b++(+++)@ DI? D? G e->++++ h* r? z*
------END GEEK CODE BLOCK------
David Mandelberg
webmaster@eth0.is-a-geek.org
Reply to: