  1. #1

    /usr/local/apache/proxy/ security problem?

    I've found 3 files under /usr/local/apache/proxy/

    f3
    dosnet
    pkt.c

    I've found that f3 is running as nobody:
    ./f3 IP

    How can I stop these kinds of scripts?
    How did they get to /usr/local/apache/proxy/?
    How can I find who was using these scripts?

  2. #2
    chown 0:0 /usr/local/apache/proxy
    and kill the process.

    regards,
    M.

  3. #3
    Also, if you have access logs at /usr/local/apache/logs/,
    try to search for the string 'dosnet' inside /usr/local/apache/logs/ to find out how it got there. I think /usr/local/apache/proxy is writable by 'nobody', so it's worth a try.
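
The log search and the writable-directory check suggested in post #3, as an added example that is not part of the original thread. The function names, the `*access*` log file pattern and the sample log lines are assumptions made for illustration; only the file names come from the thread.

```shell
#!/bin/sh
# File names are from the thread; the log lines are constructed sample data.

# Print "client_ip status request" for every access-log line naming a dropped file.
# Usage: find_drop_requests LOGDIR NAME...
find_drop_requests() {
    logdir=$1; shift
    pats=$(mktemp) || return 1
    printf '%s\n' "$@" > "$pats"
    # -F matches the names literally (the "." in pkt.c is not a wildcard);
    # -h drops the file-name prefix so awk sees the raw log line.
    grep -hF -f "$pats" "$logdir"/*access* 2>/dev/null |
        awk -F'"' '{ split($1, c, " "); split($3, s, " "); print c[1], s[1], $2 }'
    rm -f "$pats"
}

# Succeed if DIR carries the world-writable bit, which lets the web server
# user ("nobody" in the thread) create files there without owning it.
world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 2>/dev/null)" ]
}

# Constructed sample access log (combined format, documentation IP ranges).
write_sample_log() {
    cat > "$1/access_log" <<'EOF'
192.0.2.10 - - [10/Jan/2004:11:02:13 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0"
203.0.113.7 - - [10/Jan/2004:11:05:41 +0000] "GET /cgi-bin/example.cgi?f=dosnet HTTP/1.0" 200 512 "-" "-"
203.0.113.7 - - [10/Jan/2004:11:05:44 +0000] "GET /cgi-bin/example.cgi?f=pkt.c HTTP/1.0" 200 498 "-" "-"
198.51.100.4 - - [10/Jan/2004:11:09:00 +0000] "GET /pktXc.html HTTP/1.1" 404 210 "-" "Mozilla/4.0"
EOF
}

# Demo on the sample data. "f3" is left out of the search on purpose: a
# two-character name matches too much unrelated text to be a useful pattern.
demo=$(mktemp -d) && write_sample_log "$demo"
find_drop_requests "$demo" dosnet pkt.c | sort | uniq -c
world_writable "$demo" || echo "$demo is not world-writable"
rm -rf "$demo"
```

On a real server, pass the log directory named in the thread as the first argument and run `world_writable /usr/local/apache/proxy` before changing its ownership, so the original state is recorded.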
