Way #8,428 to tell if your server has been hacked: the sshd binary is a 4 meg executable with perms of 777.
Way #8,429: there is an account in /etc/passwd that has a shell of “cd /usr/bin; ftp <ip>”.
Yes, a fun day at work.
Way #8,428 to tell if your server has been hacked: the sshd binary is a 4 meg executable with perms of 777.
Way #8,429: there is an account in /etc/passwd that has a shell of “cd /usr/bin; ftp <ip>”.
Yes, a fun day at work.