2008-10-13 14:42:26

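Today I was checking our company's web and mail servers, which run on the same machine, and found two extra users in the passwd file: one with the username CGI, which has root privileges, and another named adore, an ordinary user. The log shows the following: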
Feb  4 16:44:46 ns 173>Feb  4 16:44:46 rpc.statd[400]: gethostbyname error for (
Feb  4 17:07:08 ns adduser[21678]: new user: name=cgi, uid=0, gid=0, home=/home/cgi, shell=/bin/bash
Feb  4 17:07:25 ns PAM_pwdb[21680]: password for (cgi/0) changed by ((null)/0)
Feb  4 17:08:09 ns PAM_pwdb[21682]: password for (ftp/14) changed by ((null)/0)
Feb  4 17:09:31 ns adduser[21687]: new group: name=adore, gid=1651
Feb  4 17:09:31 ns adduser[21687]: new user: name=adore, uid=1651, gid=1651, home=/home/adore, shell=/bin/bash
Feb  4 17:09:46 ns PAM_pwdb[21688]: password for (adore/1651) changed by ((null)/0)

I suspect a hacker has broken in. Which vulnerability did they use to get in, and how should I prevent this? Please help me~~~
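
The following Python example is an addition to this page, not part of the original post. It scans syslog text in the format quoted above for the three patterns visible in this log: a new account created with uid 0, a password set by the unnamed uid-0 actor ((null)/0), and an rpc.statd gethostbyname error whose argument is not a plausible hostname. The function name, the finding labels, the hostname heuristic and the last two sample lines are assumptions made for the example.

```python
import re

# The first four lines are taken from the log in the post (wrapped lines joined);
# the last two are constructed for this example.
SAMPLE_LOG = """\
Feb  4 17:07:08 ns adduser[21678]: new user: name=cgi, uid=0, gid=0, home=/home/cgi, shell=/bin/bash
Feb  4 17:07:25 ns PAM_pwdb[21680]: password for (cgi/0) changed by ((null)/0)
Feb  4 17:08:09 ns PAM_pwdb[21682]: password for (ftp/14) changed by ((null)/0)
Feb  4 17:09:31 ns adduser[21687]: new user: name=adore, uid=1651, gid=1651, home=/home/adore, shell=/bin/bash
Feb  4 16:44:46 ns rpc.statd[400]: gethostbyname error for <constructed-non-hostname-bytes>
Feb  4 09:00:01 ns PAM_pwdb[300]: password for (alice/500) changed by (alice/500)
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([\w.]+)\[(\d+)\]: (.*)$")
NEW_USER = re.compile(r"new user: name=([^,]+), uid=(\d+), gid=(\d+)")
PW_CHANGE = re.compile(r"password for \(([^/]+)/(\d+)\) changed by \((.*)/(\d+)\)$")
STATD = re.compile(r"gethostbyname error for (.*)$")
# Assumption: a legitimate argument contains only hostname characters.
HOSTNAME = re.compile(r"^[A-Za-z0-9.-]{1,255}$")

def triage(log_text):
    """Return (timestamp, finding, subject) tuples for suspicious entries."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped fragment or unrelated format
        stamp, _host, prog, _pid, msg = m.groups()
        if prog == "adduser" and (u := NEW_USER.search(msg)):
            name, uid = u.group(1), int(u.group(2))
            # A second uid-0 account is a full root equivalent.
            kind = "uid0-account-created" if uid == 0 else "account-created"
            findings.append((stamp, kind, name))
        elif prog == "PAM_pwdb" and (p := PW_CHANGE.search(msg)):
            target, _target_uid, actor, actor_uid = p.groups()
            # uid 0 with no resolvable login name, as in the post's log
            if actor == "(null)" and actor_uid == "0":
                findings.append((stamp, "password-set-by-unnamed-root", target))
        elif prog == "rpc.statd" and (s := STATD.search(msg)):
            if not HOSTNAME.match(s.group(1)):
                findings.append((stamp, "statd-non-hostname-argument", prog))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep="  ")
```
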