
Date:  Fri, 22 Sep 2006 01:13:59 -0700
From:  "Ken Marcus - Precision Web Hosting, Inc." <kenmarcus (at mark) precisionweb.net>
Subject:  [coba-e:07186] Re: psybnc (IRC Bouncer)
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <02df01c6de1f$0ee021c0$6700a8c0@OfficeKen>
References:  <001001c6de06$1fb54020$3200a8c0@howies>
X-Mail-Count: 07186


From: "Howie Dines" <howie (at mark) howie.co.uk>

> Some delightful chum from ru had decided to hack into one of my BQ servers
> and install psybnc
>
> It was placed in a dir /home/.users/112/admin/nuonce/   /psybnc/
> the gap is seen as 3xspaces
>
> I've now killed the pid and deleted the lower level nuonce dir using
> "rm -fR nuonce"
>
> All seems to be clear now, however if I issue the command "locate psybnc"
> it still finds a whole list of files in the mystery dir.
>
> Are they really there or is the locate command just finding a cached
> listing or something?
>
>
> Also if I do a "last command" I get a truncated domain name of the guy
> Is there any way to call up /list his full domain name ?
>
> admin    pts/1        broadband2-201.m Thu Sep 21 09:06 - 09:38  (00:31)
>
> Best Regards,
> Howie.

slocate only updates once per day.

What was the ownership of the files? apache?
Is your PHP in safe mode?
Any crons set up for that user that owned the files?


----
Ken Marcus
Precision Web Hosting, Inc.
http://www.precisionweb.net
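
The checks raised in this thread (whether `locate` hits still exist on disk, and who owns whatever is left), as an added example that is not part of the original messages. The function names and the sample tree built by `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): triage paths reported by locate.
# locate answers from a database that is rebuilt periodically, so a hit
# may refer to a file that has already been deleted.

# Read one path per line on stdin and print: STATE <TAB> OWNER <TAB> PATH
# IFS= and -r keep spaces and backslashes intact, so a directory whose
# name is three spaces is tested exactly as named.
check_locate_hits() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if [ -e "$path" ] || [ -L "$path" ]; then
            # Field 3 of "ls -ld" is the owner; it precedes the path,
            # so spaces in the path do not disturb it.
            owner=$(ls -ld -- "$path" | awk '{print $3}')
            printf 'PRESENT\t%s\t%s\n' "$owner" "$path"
        else
            printf 'STALE\t-\t%s\n' "$path"
        fi
    done
}

# Reduce check_locate_hits output to the distinct owners of surviving files.
present_owners() {
    awk -F '\t' '$1 == "PRESENT" { print $2 }' | sort -u
}

# Constructed sample: a temporary tree with one surviving file and one
# path that no longer exists.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/nuonce/   /psybnc"
    : > "$tmp/nuonce/   /psybnc/psybnc.conf"
    printf '%s\n' "$tmp/nuonce/   /psybnc/psybnc.conf" \
                  "$tmp/nuonce/gone/psybnc" | check_locate_hits
    rm -rf -- "$tmp"
}

# Real use, as root:  locate psybnc | check_locate_hits
if [ "${1:-}" = "--demo" ]; then demo; fi
```

Piping the result through `present_owners` gives the accounts to review; as root, `crontab -l -u OWNER` lists the cron entries for each.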


