Paul, Do a search on Yahoo for 'mon.out' this may help. The one's that jumped out at me were...
http://www.cfm.brown.edu/tutorials/profile.html ...and... http://www.cs.princeton.edu/cgi-bin/man2html?prof:1 ...although there are others. Regards Dan [EMAIL PROTECTED] http://www.dogsbody.org > Clear Day > > I was hacked on my server. I am now using SSH and have disabled > Telnet. All security patches are installed. > > When hacked I was advised to Export all the Sites, use the restore disk > and Import all the sites back again. > > Since then I am having trouble with just one domain on site4. The > index.html page was removed mysteriously and all the site permissions > had been changed resulting in server errors for the scripts. On > investigation I find that there was this entry in the FTP log after the > restore: > /home/sites/site4/web/DWDDXX8.DDD > although that file is no longer there. > > On the root directory was a file called: > mon.out > I have kept a copy of this file, which looks like an executable file. > > Has anyone come across any of these files? > > Can someone tell me where to look for any intrusion as I am not > familiar with using Shell commands. > > Thanks > > > > _______________________________________________ > cobalt-security mailing list > [EMAIL PROTECTED] > http://list.cobalt.com/mailman/listinfo/cobalt-security _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
