
Re: OT. Have I been hacked? IRCD?



On Tue, 14.12.2004 at 1:02, mark onnow net wrote:

> I found d0s3.txt in my /tmp dir.  
> 
> Not sure how it got there.  Found this too:

It's the temporary directory for a lot of applications.

> Here is the log file from error_log.1
> 
> --19:21:21-- http://@#! #!@#! #!yeah freesuperhost com/d0s3.txt
> => `d0s3.txt'
> Resolving @#! #!@#! #!yeah freesuperhost com    done.
> Connecting to @#! #!@#! #!yeah freesuperhost com[70 84 229 131]:80...
> connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 20,419 [text/plain]
> 
> 0K .......... ......... 100% 74.68 KB/s
> 
> 19:21:23 (74.68 KB/s) - `d0s3.txt' saved [20419/20419]

Someone got that file from a remote 'free' webhost. It looks suspicious
just from the names used.

Are you sure you have your users under control? Ever run tools like
nettop or iptraf to see what makes how much traffic?

> Mark

Alexander


-- 
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.9-1.6_FC2smp 
Serendipity 02:21:01 up 3 days, 21:01, load average: 0.51, 0.58, 0.75 

Attachment: signature.asc
Description: This is a digitally signed message part
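
An added example, not part of the original message: wget writes its transcript to stderr, and stderr from processes started by the web server ends up in error_log, so a transcript like the one quoted above can be searched for in every rotated log. The sketch below extracts each transfer; the host name, addresses and the second entry in the sample are constructed placeholders, and `find_wget_transfers` is a hypothetical helper name.

```python
import re
import sys

# Classic wget transcript markers: "--HH:MM:SS--  URL" opens a transfer,
# "HH:MM:SS (rate) - `name' saved [got/expected]" closes a finished one.
START = re.compile(r"^--(\d{2}:\d{2}:\d{2})--\s+(\S.*)$")
SAVED = re.compile(r"^(\d{2}:\d{2}:\d{2}) \(.*?\) - `(.+?)' saved \[(\d+)/(\d+)\]")

# Constructed sample log (placeholder host and client address).
SAMPLE_LOG = """\
[Mon Dec 13 19:20:58 2004] [error] [client 192.0.2.10] File does not exist: /var/www/html/favicon.ico
--19:21:21--  http://files.example.invalid/d0s3.txt
           => `d0s3.txt'
HTTP request sent, awaiting response... 200 OK
Length: 20,419 [text/plain]
19:21:23 (74.68 KB/s) - `d0s3.txt' saved [20419/20419]
--19:25:02--  http://files.example.invalid/second.tgz
Resolving files.example.invalid... failed: Host not found.
[Mon Dec 13 19:30:11 2004] [notice] caught SIGTERM, shutting down
"""

def find_wget_transfers(lines):
    """Return one dict per wget transcript found in the given log lines."""
    transfers, current = [], None
    for raw in lines:
        line = raw.strip()
        m = START.match(line)
        if m:
            # A new transcript begins; an unfinished previous one stays incomplete.
            current = {"started": m.group(1), "url": m.group(2),
                       "saved_as": None, "bytes": None, "complete": False}
            transfers.append(current)
            continue
        m = SAVED.match(line)
        if m and current is not None:
            current["saved_as"] = m.group(2)
            current["bytes"] = int(m.group(3))
            current["complete"] = m.group(3) == m.group(4)
            current = None
    return transfers

if __name__ == "__main__":
    # Pass a log path as the first argument, or run without one for the sample.
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    for t in find_wget_transfers(src):
        print(t)
```

Any hit in a web server error log means a process running as the web server user invoked wget, which narrows the search to the requests logged in access_log around the same timestamps.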

