Jodi_the_g
Member
Registered: 7th Aug 01
Location: Washington D.C
User status: Offline
|
I am in puTTY and ssh to my server to delete a file called
shh-scan
i have found it in the /var/tmp/.. /fuckers/ssh-scan.
but can not delete it anyway to get the full path so i can delete this file.
|
abdus
Member
Registered: 23rd Feb 06
User status: Offline
|
which os?
this might help:
http://www.spywaredb.com/remove-shadow-security-scanner/
]
[Edited on 02-05-2006 by abdus]
|
Jodi_the_g
Member
Registered: 7th Aug 01
Location: Washington D.C
User status: Offline
|
debain i think
|
Tim
Site Administrator
Registered: 21st Apr 00
User status: Offline
|
I'd be more worried about how it got there to be honest. Sounds like someone's exploited one of your services.
To delete just enclose the path in single-quotes so the shell will interpret it as a single path (and not multiple because of the spaces).
i.e. rm '/var/tmp/.. /fuckers/ssh-scan'
|
Jodi_the_g
Member
Registered: 7th Aug 01
Location: Washington D.C
User status: Offline
|
i know how it got there and closed that loop hole
|
Pop
Member
Registered: 8th May 03
Location: Reading
User status: Offline
|
my god all i did was innocently opened this thread for a read and entered a world in which people are talking a crazy new language that i have no idea what it means 
|
Sam
Moderator
Premium Member
Registered: 24th Dec 99
Location: West Midlands
User status: Offline
|
SSH and TTY can both EMA and GTF, but they must STFU first.
|
Jodi_the_g
Member
Registered: 7th Aug 01
Location: Washington D.C
User status: Offline
|
thanks tim and willy helped alot.
Any ideas what ssh-scan does.
got in though a contact php file so have removed it and looking for a better option.
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
At a guess, listens for stuff over SSH.
|
