Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 4 Dec 2001 17:08:01 -0000
From:      "Steve Lalonde" <steve@enta.net>
To:        "Blake Crosby" <dev@samurai.com>, <isp-webhosting@isp-webhosting.com>, <freebsd-isp@freebsd.org>
Subject:   Re: Weird file in /root
Message-ID:  <031201c17ce6$3b3cd7d0$62604ac3@steve2>
References:  <JAEEIJKIHAONENKPFCCPIEKFCBAA.dev@samurai.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
This could also be output from a

tar xvf filename.tar.gz

that should have been

tar xvfz filename.tar.gz

I did this once on ports.tar.gz what a mess that made.


Steve Lalonde
Chief Technical Officer
Entanet International Ltd
http://www.enta.net/

***********************************************************************
IMPORTANT: DISCLAIMER NOTICE

This email (and any attachment thereto) is confidential, and may be
legally privileged, and is for the intended recipient only. Access,
disclosure, copying, distribution or reliance on any of it by anyone
else is prohibited and may be a criminal offence. Please delete if
obtained in error and notify the sender. Any views expressed in this
e-mail are those of the individual sender, not those of the company
unless endorsed by a Director of Entanet International Ltd.

***********************************************************************

----- Original Message -----
From: "Blake Crosby" <dev@samurai.com>
To: <isp-webhosting@isp-webhosting.com>; <freebsd-isp@FreeBSD.ORG>
Sent: Tuesday, December 04, 2001 3:47 PM
Subject: Weird file in /root


> I am somewhat concerned at this file I found:
>
> 7524 -rwsr-sr-t  1 root  wheel          0 Nov 30 16:41:10 2001
> /root/gA /,1.)OKR iz
> )W*N8g?-a^' %߾z?teu?*!S?!צXRms:T|eYK"G 
>
> I did delete the file as soon as I found it, since the setUID bit was
> active. I am thinking that this machine has been comprimised - but I am
not
> sure how.
>
> Any pointers on how about I should go investigating this situation?
>
> Blake
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?031201c17ce6$3b3cd7d0$62604ac3>