./check.cgi & ./hnc.cgi & ./***.cgi ???

These are scripts used as mail spam gateways/proxies.

They are uploaded to the server through an abused PHP script or similar, and then run.

After they have been run the file is deleted, so it can no longer be found.

The easiest way to find and remove them from the server could be

# grep -r "check.cgi" /var/log/proftpd/.

or

updatedb

followed by locate .pl, looking in the results for a file named something like 2332832683276.pl.

—————————

I think one of your domains on the server is hacked. Can you do a grep -i hnc.cgi /var/log/messages? Got any results?

If you didn’t get any results, do this too:

zgrep -i hnc.cgi /var/log/messages.*.gz

Also check whether any hnc.cgi files are on the server using find:

cd /home; find . -name "hnc.cgi" -type f

Any results?

Somehow one of your FTP accounts/domains is hacked and it’s used to upload the hnc.cgi or check.cgi script and run it. After running, the script is usually deleted, hence you may not find it if you use the locate/find commands. So the best way to check which account got hacked is to look for the pattern hnc.cgi in the FTP logs.

After verifying the logs you may clearly see that it’s uploaded and removed after running that script.

Yes, hnc.cgi is used to send spam. If you find any patterns of hnc.cgi in /var/log/messages, immediately change the password for the account and FTP accounts.

Also verify the uploaded files by checking the logs and make sure the hacker didn’t modify your web files.
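The log check described in the posts above (find the account that uploaded the script and then removed it), as an added example that is not part of the original posts. It assumes the FTP server writes the standard xferlog format, where field 12 is the direction (i = upload, d = delete) and field 14 is the username; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list FTP accounts that uploaded a .cgi/.pl file and later deleted it.
# Assumed xferlog fields: $7=remote host  $9=path  $12=direction  $14=username

find_dropper_accounts() {
    awk '
        # Only script-like names (the page names check.cgi, hnc.cgi and numeric .pl files)
        $9 !~ /\.(cgi|pl)$/ { next }
        # Upload: remember which host pushed this path for this account
        $12 == "i" { up[$14, $9] = $7; next }
        # Delete of a script the same account uploaded earlier: report it
        $12 == "d" && (($14, $9) in up) {
            printf "%s %s uploaded_from=%s deleted_from=%s\n", $14, $9, up[$14, $9], $7
            delete up[$14, $9]
        }
    ' "$@"
}

# Constructed sample log lines (not from a real server)
sample_xferlog() {
    cat <<'EOF'
Mon Mar  3 02:11:40 2008 1 203.0.113.7 18422 /home/alice/public_html/cgi-bin/hnc.cgi b _ i r alice ftp 0 * c
Mon Mar  3 02:13:05 2008 0 203.0.113.7 18422 /home/alice/public_html/cgi-bin/hnc.cgi b _ d r alice ftp 0 * c
Mon Mar  3 09:30:12 2008 2 198.51.100.4 5120 /home/bob/public_html/index.html a _ i r bob ftp 0 * c
Mon Mar  3 09:31:00 2008 1 198.51.100.4 900 /home/bob/public_html/cgi-bin/form.cgi a _ i r bob ftp 0 * c
EOF
}

# Demo on the sample; on a server, pass the transfer log file(s) as arguments instead
sample_xferlog | find_dropper_accounts
```

Only alice is reported: bob uploaded a .cgi file but never deleted it, so it is still on disk and can be reviewed with find.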

Hi all,

I had some issues with line drawing when accessing my linux box from work. I found the following workaround in this site:

To make it all work right, you need to twiddle the following configuration settings:

Terminal → Keyboard:

Change the sequences sent by: The Functions keys and Keypad:
Select Linux.

Window → Appearance:

Font settings:
Pick a font that contains the Unicode line drawing characters, such as Andale Mono or Lucida Console. (Unfortunately Vista’s gorgeous new Consolas font does not have those.)

Window → Translation:

Character set translation on received data:
Select UTF-8.
Adjust how PuTTY handles line drawing characters:
Select Use Unicode line drawing code points.

Connection → Data:

Terminal details: Terminal-type string:
Enter “linux”.

Now line drawing characters should show up as they are supposed to.

++

I also had to do the following:
Terminal -> Features
check – Disable bidirectional text display

to get aptitude running correctly

Create An Image
dd if=/dev/sda | gzip > /mnt/sdb1/sda.img.gz

Restore An Image
gzip -dc /mnt/sdb1/sda.img.gz | dd of=/dev/sda

Ben

Note: the image is taken from the Teb.com.tr site. All rights belong to them 🙂


if the message is frozen

exim -bpru|grep frozen|awk {'print $3'}|xargs exim -Mrm

if the message is <>

exim -bpru|grep '<>'|awk {'print $3'}|xargs exim -Mrm

if all

exim -bpru|awk {'print $3'}|xargs exim -Mrm

Preparing a USB flash stick to install CentOS on a server that has no CD-ROM drive

1- Download the latest version of dd.exe from

http://www.chrysocome.net/dd

2- Download the diskboot.img file from

http://mirror.centos.org/centos/5.1/os/x86_64/images/

3- Plug the USB disk into the computer

4- Open cmd and change to the directory containing dd.exe

Run dd --list to find where the USB disk is mounted.

5- In the example below the USB disk is mounted at c:.

Accordingly, write the diskboot.img file to the USB disk at c:.

dd if=diskboot.img of=\\.\C: --progress