LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 08-12-2007, 08:24 AM   #1
SPEEDEX
LQ Newbie
 
Registered: Apr 2007
Posts: 22

Rep: Reputation: 0
cannot remove netstat


Hi,
recently a hacker has attacked my server and changed some files on my server , one of them is my netstat , I want to delete it , but I really wonder why I get permission denied error ! here is the attributes of this file :

[root@rome bin]# lsattr netstat
------------- netstat

[root@rome bin]# ls -l netstat
-rwxrwxrwx 1 root root 30640 Jul 15 2003 netstat

[root@rome bin]# rm -f netstat
rm: cannot remove `netstat': Permission denied

can anyone help me about this ?
Regards
 
Old 08-12-2007, 09:05 AM   #2
wjevans_7d1@yahoo.co
Member
 
Registered: Jun 2006
Location: Mariposa
Distribution: Slackware 9.1
Posts: 938

Rep: Reputation: 30
Please read this carefully.

If you are certain that a cracker (the word "hacker" is misused in this context) has changed some files on your disk, then you don't really know how much he's changed. If he's skillful, he's designed his breakin so that you'll hope you can fix just the programs that seem wrong, but he's also designed his breakin to modify programs that you might not consider. Programs like these:
  • ls
  • lsattr
  • rm
  • cp
  • cat
If your system's behavior is of any interest to you (and it had better be if that system is connected to the Internet, because there's a good chance the system has become a spambot, which makes the rest of us want to breathe down your neck), you'll boot an emergency CD, back up your user data, and reinstall from scratch.

This is very important.
 
Old 08-13-2007, 06:16 AM   #3
SPEEDEX
LQ Newbie
 
Registered: Apr 2007
Posts: 22

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by wjevans_7d1@yahoo.co View Post
If you are certain that a cracker (the word "hacker" is misused in this context) has changed some files on your disk, then you don't really know how much he's changed. If he's skillful, he's designed his breakin so that you'll hope you can fix just the programs that seem wrong, but he's also designed his breakin to modify programs that you might not consider. Programs like these:
  • ls
  • lsattr
  • rm
  • cp
  • cat
If your system's behavior is of any interest to you (and it had better be if that system is connected to the Internet, because there's a good chance the system has become a spambot, which makes the rest of us want to breathe down your neck), you'll boot an emergency CD, back up your user data, and reinstall from scratch.

This is very important.
the strange thing is that I rebooted my box with a rescue cd and tried to delete this file there too. but I was getting the same error.
 
Old 08-13-2007, 09:20 AM   #4
wjevans_7d1@yahoo.co
Member
 
Registered: Jun 2006
Location: Mariposa
Distribution: Slackware 9.1
Posts: 938

Rep: Reputation: 30
Quoth SPEEDEX:
Quote:
the strange thing is that I rebooted my box with a rescue cd and tried to delete this file there too. but I was getting the same error.
Not strange at all. They've not only replaced some of your programs (which the rescue CD will circumvent), but also messed up your data (which the rescue CD will not circumvent).

Time to back up your data (if you can) and completely reinstall Linux, after formatting your partitions. All of them.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
netstat Smooth Solaris / OpenSolaris 4 11-17-2006 01:30 AM
netstat -s r_213 Linux - Networking 2 01-27-2005 07:45 AM
netstat -i r_213 Linux - Networking 4 09-09-2004 07:10 AM
netstat question zepplin611 Linux - Networking 2 01-01-2004 03:54 PM
netstat sopiaz57 Linux - Networking 1 10-14-2003 04:39 PM


All times are GMT -5. The time now is 08:13 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration