
Re: Security Breach: A zero byte file created in my home directory

On Tue, May 15, 2007 at 08:39:27AM +0200, Vincent Lefevre wrote:
> On 2007-05-15 11:35:03 +0530, Deboo ^ wrote:
> > I saw today that there's a zero byte file in my home dir with the name
> > "Brendan" created yesterday but I couldn't search who created it or
> > what was the command that created it etc from any log files.


> I'd say that such file creations are often user mistakes.

I agree with Vincent, that often these files are your own doing,
somehow. I'm always finding little files that crop up from me
mis-remembering a command with the result being that some file gets
created somewhere. Usually, I can vaguely remember... "oh yeah, I did
mistype an scp command... that makes sense"

> > And JUST now as I am posting this, that file is GONE. I did not delete
> > it.
> That's strange.
> > Even with the firewall, someone is in my computer?
> If someone entered your computer before you installed the firewall,
> this could be too late (he could have installed a rootkit, that
> bypasses the firewall). You can try chkrootkit to see if a rootkit
> was installed.

If you're already compromised, chkrootkit won't do you any good as it
could be compromised too. I recommend you take the machine offline and
monitor it for more similar activity. If the activity occurs while
offline, it's probably your doing, and not someone else's. If the
activity only occurs when online, then you'll have to wipe it and
start over.

