On Tue, 2003-06-24 at 21:36, Elizabeth Barham wrote:
> Shri writes:
>
> > The program was called bd.c and was created on June the 6, so all
> > the logs I have are too new to be able to do any real kind of
> > tracking down.
>
> Does the code in:
>
> http://kaizo.org/mirrors/phrack/phrack58/p58-0x07
>
> look familiar? One of the source files is named bd.c ("backdoor").

Nope. The stuff in there seems a lot more complex than the code I encountered which was no bigger than about a page. I don't think that it had that many includes either. From what I remember, its sole purpose was to give a shell on port 5000.

I also found a few php scripts which gave shell access to the box as the www-data user. All very worrying. I had disabled module support within the kernel which might have been one thing that saved my ass.

Thanks for your time and any further help greatly appreciated.

Shri

--
------------------------------------------------------------------------
Shri Shrikumar
U R Byte Solutions
I.T. Consultant
Edinburgh, Scotland
Tel: 0845 644 4745
Mob: 0773 980 3499
Web: www.urbyte.com
Email: [EMAIL PROTECTED]