Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi,
recently a hacker has attacked my server and changed some files on my server , one of them is my netstat , I want to delete it , but I really wonder why I get permission denied error ! here is the attributes of this file :
If you are certain that a cracker (the word "hacker" is misused in this context) has changed some files on your disk, then you don't really know how much he's changed. If he's skillful, he's designed his breakin so that you'll hope you can fix just the programs that seem wrong, but he's also designed his breakin to modify programs that you might not consider. Programs like these:
ls
lsattr
rm
cp
cat
If your system's behavior is of any interest to you (and it had better be if that system is connected to the Internet, because there's a good chance the system has become a spambot, which makes the rest of us want to breathe down your neck), you'll boot an emergency CD, back up your user data, and reinstall from scratch.
If you are certain that a cracker (the word "hacker" is misused in this context) has changed some files on your disk, then you don't really know how much he's changed. If he's skillful, he's designed his breakin so that you'll hope you can fix just the programs that seem wrong, but he's also designed his breakin to modify programs that you might not consider. Programs like these:
ls
lsattr
rm
cp
cat
If your system's behavior is of any interest to you (and it had better be if that system is connected to the Internet, because there's a good chance the system has become a spambot, which makes the rest of us want to breathe down your neck), you'll boot an emergency CD, back up your user data, and reinstall from scratch.
This is very important.
the strange thing is that I rebooted my box with a rescue cd and tried to delete this file there too. but I was getting the same error.
the strange thing is that I rebooted my box with a rescue cd and tried to delete this file there too. but I was getting the same error.
Not strange at all. They've not only replaced some of your programs (which the rescue CD will circumvent), but also messed up your data (which the rescue CD will not circumvent).
Time to back up your data (if you can) and completely reinstall Linux, after formatting your partitions. All of them.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.