Date: Tue, 1 Aug 2000 22:28:09 -0400 (EDT)
From: Glenn McCalley <freebsd@mail.bnetmd.net>
To: Josh Paetzel <jpaetzel@hutchtel.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: What the heck is -this- file?
Message-ID: <Pine.BSF.4.21.0008012222060.18902-100000@mail.bnetmd.net>
In-Reply-To: <012301bffc28$bdd3a9c0$48440ace@mark8>

Malicious - my first thought as well.  This machine is a box leased to a
single client with maybe 6 ID's on it, so if it's someone not nice I'd say
it's coming from outside.  Tried my best to see if there really -is- some
file content there despite the 0 byte count but couldn't see anything.

Oh well, suppose it's time for them to do the security review.

Thanks!
Glenn.

On Tue, 1 Aug 2000, Josh Paetzel wrote:

>
> ----- Original Message -----
> From: "Glenn McCalley" <freebsd@mail.bnetmd.net>
> To: "Josh Paetzel" <jpaetzel@hutchtel.net>
> Cc: <freebsd-questions@FreeBSD.ORG>
> Sent: Tuesday, August 01, 2000 8:59 PM
> Subject: Re: What the heck is -this- file?
>
>
> >
> > Ahhh, but you don't understand...
> > That's just the point - the "gobblygook" -is- the file name as shown by
> > "ls -l"
> > Glenn.
> >
>
> In that case I would start to wonder about the integrity of my system from
> either a hardware standpoint, or perhaps a malicious "user" standpoint.
>
>
> > On Tue, 1 Aug 2000, Josh Paetzel wrote:
> >
> > >
> > > ----- Original Message -----
> > > From: "Glenn McCalley" <freebsd@mail.bnetmd.net>
> > > To: <freebsd-questions@FreeBSD.ORG>
> > > Sent: Tuesday, August 01, 2000 7:56 PM
> > > Subject: What the heck is -this- file?
> > >
> > >
> > > >
> > > > What??!!
> > > > Just poking around and found the following file entry in /apache/htdocs:
> > > >
> > > > -rwsr-sr-t 1 root wheel 0 Mar 28 15:33 J-=FFyq>=F6tn0=1D=EA?
> > > > =EE=D3=A5~o=A8Q=8D=11R>s=D5:N5Y;=CDjO=BB=FA=D5-Ou=C58DW=C7<=D9=A25ln}e8$=E2=E2'Y=F6E"=AEcFk=BA=F6=A1=04
> > > > =F5=CDfC=EBa=D6R s
> > > >
> > > > Kinda odd that it's suid, owned by root, with a sticky bit set?  -0-
> > > > bytes in size?  Is that right?
> > > >
> > > > I was able to delete it, but other than sunspots, any thoughts on how it
> > > > got there?
> > > >
> > > > Thanks!
> > > > Glenn.
> > > >
> > >
> > > I don't know, but hopefully the same thing that made that file didn't put
> > > the gobblygook into your email as well. :)
> > >
> > > Josh
>
>
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0008012222060.18902-100000>