Security Basics mailing list archives
strange cgi-bin entry
From: Nikolai Alexandrov <voyager123bg () gmail com>
Date: Mon, 18 Jul 2005 13:24:56 +0300
Hello out there, i want to ask you about strange entry i noted in my /cgi-bin directory...
ls -lalrwxrwxrwx 1 root root 10 2005-07-08 14:11 AAA.BBB.CCC.DDD.cgi -> AAA.BBB.CCC.DDD.cgi
where AAA.BBB.CCC.DDD is a real ip address. I removed the link, and am pretty sure i didn't created it... It is the only entry in the /cgi-bin. My question is: Could this mean my box is compromised? And if so... what should i do next? (reinstall is not a good answer in my case) Thank you in advance.
ps: I nmaped the questioned host (from outside), and no unnknown (open) ports were found. Also netstat -nta did not show anything unusual. Logcheck also seemed normal (but if the host is compromised i know i cannot trust the software I run on the same host).
Current thread:
- strange cgi-bin entry Nikolai Alexandrov (Jul 18)
- Message not available
- Re: strange cgi-bin entry Nikolai Alexandrov (Jul 20)
- Message not available