[FUG-BR] Help
Giancarlo Rubio
giancarlo.rubio at pucpr.br
Tue Dec 6 08:32:13 BRST 2005
Ricardo A. Reis wrote:
>Hey Rubio,
>
> It looks like your server has been cracked. Do the following:
>
> # truss -p 84589
>
> With that you can watch the process working; then make a
>request and check the truss output.
>
> To see what kind of file we are dealing with:
> # file /proc/84589/file
> file: symbolic link to `/usr/local/sbin/httpd'
>
> Making a copy:
> #cp /proc/84589/file /tmp
>
> Looking for strings:
> #strings /tmp/file > file_strings
>
>
>Note: you need to mount /proc; if you need help, I'm at your service :-)
>
I'm back.
This morning, same thing.
So off I went:
truss -p 32569
reported this:
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
Beyond that, it didn't report anything that could help.
Giancarlo
>Regards
>
>Ricardo A. Reis
>UNIFESP
>Unix and Network Admin
>
>_______________________________________________
>Freebsd mailing list
>Freebsd at fug.com.br
>http://mail.fug.com.br/mailman/listinfo/freebsd_fug.com.br
>
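As an added example (not part of the original thread), one way to triage truss output like the trace posted above: the script counts `sendto()` calls per socket and destination and flags endpoints that are hit repeatedly. The function names, the threshold of 20 and the sample lines other than the `sendto` format shown in the message are assumptions.

```python
import re
from collections import Counter

# Matches truss lines of the form posted in the thread, e.g.
# sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)
SENDTO_RE = re.compile(
    r"^sendto\((?P<fd>0x[0-9a-fA-F]+|\d+),.*"
    r"\{\s*AF_INET\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s*\}"
    r".*\)\s*=\s*(?P<ret>-?\d+)"
)

def summarize_sendto(lines):
    """Count sendto() calls per (fd, remote ip, remote port)."""
    counts = Counter()
    for line in lines:
        m = SENDTO_RE.match(line.strip())
        if m:
            key = (int(m["fd"], 0), m["ip"], int(m["port"]))
            counts[key] += 1
    return counts

def flag_floods(counts, threshold=20):
    """Return (fd, ip, port, count) for destinations hit >= threshold times.

    The threshold is an assumed value; tune it to the length of the capture.
    """
    hits = [(fd, ip, port, n) for (fd, ip, port), n in counts.items()
            if n >= threshold]
    return sorted(hits, key=lambda h: h[3], reverse=True)

# Constructed sample: the sendto line from the message repeated 38 times,
# plus constructed noise lines (192.0.2.10 is a documentation address).
SAMPLE = (
    ["sendto(0x3,0x804ea18,0,0x0,{ AF_INET 68.233.191.1:2344 },0x10) = 1 (0x1)"] * 38
    + ['write(1,"ok\\n",3) = 3 (0x3)',
       "sendto(0x5,0x804f000,32,0x0,{ AF_INET 192.0.2.10:53 },0x10) = 32 (0x20)",
       "close(5) = 0 (0x0)"]
)

if __name__ == "__main__":
    for fd, ip, port, n in flag_floods(summarize_sendto(SAMPLE)):
        print(f"fd {fd}: {n} sendto() calls to {ip}:{port}")
```

A web server process that produces a flagged entry here is sending repeated datagrams to one remote endpoint, which is the behaviour worth correlating with the `file` and `strings` checks on the binary.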