Don_SyStEmS
Cadet 3rd Year
- Registriert
- Juni 2009
- Beiträge
- 53
Server gehackt?
(Ich hoffe, hier bin ich Richtig, da ich kein anderes passendes Forum gefunden habe.)
Über den Support meines Servers habe ich erfahren, das mein Server (vulgo: "gehackt") worden ist. Der beweis und somit die Begründung des Supports liegt allein in einer Log:
Woran wollen die nun sehen, das dort was gemacht worden ist?
Mfg Don
(Ich hoffe, hier bin ich Richtig, da ich kein anderes passendes Forum gefunden habe.)
Über den Support meines Servers habe ich erfahren, das mein Server (vulgo: "gehackt") worden ist. Der beweis und somit die Begründung des Supports liegt allein in einer Log:
Code:
root@v544:/# ls -l /proc/3947/
total 0
-r-------- 1 admin admin 0 May 27 12:14 auxv
-r--r--r-- 1 admin admin 0 May 27 12:12 cmdline
-rw-r--r-- 1 admin admin 0 May 27 12:14 coredump_filter
-r--r--r-- 1 admin admin 0 May 27 12:14 cpuset
lrwxrwxrwx 1 admin admin 0 May 27 12:14 cwd -> /var/tmp/.a/sbin/sbin
-r-------- 1 admin admin 0 May 27 12:14 environ
lrwxrwxrwx 1 admin admin 0 May 27 12:14 exe -> /var/tmp/.a/sbin/sbin/bash
dr-x------ 2 admin admin 0 May 27 12:14 fd
-r--r--r-- 1 admin admin 0 May 27 12:14 io
-r-------- 1 admin admin 0 May 27 12:14 limits
-rw-r--r-- 1 admin admin 0 May 27 12:14 loginuid
-r--r--r-- 1 admin admin 0 May 27 12:14 maps
-rw------- 1 admin admin 0 May 27 12:14 mem
-r--r--r-- 1 admin admin 0 May 27 12:14 mounts
-r-------- 1 admin admin 0 May 27 12:14 mountstats
-r--r--r-- 1 admin admin 0 May 27 12:14 numa_maps
-rw-r--r-- 1 admin admin 0 May 27 12:14 oom_adj
-r--r--r-- 1 admin admin 0 May 27 12:14 oom_score
lrwxrwxrwx 1 admin admin 0 May 27 12:14 root -> /
-r--r--r-- 1 admin admin 0 May 27 12:14 schedstat
-r-------- 1 admin admin 0 May 27 12:14 smaps
-r--r--r-- 1 admin admin 0 May 27 12:12 stat
-r--r--r-- 1 admin admin 0 May 27 12:13 statm
-r--r--r-- 1 admin admin 0 May 27 12:13 status
dr-xr-xr-x 3 admin admin 0 May 27 12:13 task
-r--r--r-- 1 admin admin 0 May 27 12:14 wchan
root@v544:/# find /var/tmp/.a/sbin/
/var/tmp/.a/sbin/
/var/tmp/.a/sbin/m.help
/var/tmp/.a/sbin/vhosts
/var/tmp/.a/sbin/x0x.seen
/var/tmp/.a/sbin/update
/var/tmp/.a/sbin/start
/var/tmp/.a/sbin/LinkEvents
/var/tmp/.a/sbin/autorun
/var/tmp/.a/sbin/Emil.seen
/var/tmp/.a/sbin/m.ses
/var/tmp/.a/sbin/r
/var/tmp/.a/sbin/r/rinsult.e
/var/tmp/.a/sbin/r/rtsay.e
/var/tmp/.a/sbin/r/rsignoff.e
/var/tmp/.a/sbin/r/raway.e
/var/tmp/.a/sbin/r/rpickup.e
/var/tmp/.a/sbin/r/rversions.e
/var/tmp/.a/sbin/r/rkicks.e
/var/tmp/.a/sbin/r/rsay.e
/var/tmp/.a/sbin/r/rnicks.e
/var/tmp/.a/sbin/85.119.156.104.user
/var/tmp/.a/sbin/cron.d
/var/tmp/.a/sbin/run
/var/tmp/.a/sbin/m.set
/var/tmp/.a/sbin/sbin
/var/tmp/.a/sbin/sbin/m.help
/var/tmp/.a/sbin/sbin/vhosts
/var/tmp/.a/sbin/sbin/update
/var/tmp/.a/sbin/sbin/start
/var/tmp/.a/sbin/sbin/LinkEvents
/var/tmp/.a/sbin/sbin/autorun
/var/tmp/.a/sbin/sbin/m.ses
/var/tmp/.a/sbin/sbin/r
/var/tmp/.a/sbin/sbin/r/rinsult.e
/var/tmp/.a/sbin/sbin/r/rtsay.e
/var/tmp/.a/sbin/sbin/r/rsignoff.e
/var/tmp/.a/sbin/sbin/r/raway.e
/var/tmp/.a/sbin/sbin/r/rpickup.e
/var/tmp/.a/sbin/sbin/r/rversions.e
/var/tmp/.a/sbin/sbin/r/rkicks.e
/var/tmp/.a/sbin/sbin/r/rsay.e
/var/tmp/.a/sbin/sbin/r/rnicks.e
/var/tmp/.a/sbin/sbin/85.119.156.104.user
/var/tmp/.a/sbin/sbin/cron.d
/var/tmp/.a/sbin/sbin/run
/var/tmp/.a/sbin/sbin/m.set
/var/tmp/.a/sbin/sbin/Cola.seen
/var/tmp/.a/sbin/sbin/back.seen
/var/tmp/.a/sbin/sbin/mech.dir
/var/tmp/.a/sbin/sbin/inst
/var/tmp/.a/sbin/sbin/m.lev
/var/tmp/.a/sbin/sbin/m.pid
/var/tmp/.a/sbin/sbin/xh
/var/tmp/.a/sbin/sbin/85.119.156.104.user2
/var/tmp/.a/sbin/sbin/bash
/var/tmp/.a/sbin/mech.dir
/var/tmp/.a/sbin/inst
/var/tmp/.a/sbin/m.lev
/var/tmp/.a/sbin/m.pid
/var/tmp/.a/sbin/xh
/var/tmp/.a/sbin/85.119.156.104.user2
/var/tmp/.a/sbin/bash
Woran wollen die nun sehen, das dort was gemacht worden ist?
Mfg Don