Find the answer to your Linux question:
Results 1 to 4 of 4
Hello, some hack script suddenly appear in the /root directory of my VPS. Lets call it "badscript" -rwxr-xr-x 1 root root 1.2M Jul 18 12:34 badscript but i cant delete ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux User postcd's Avatar
    Join Date
    Apr 2011
    Posts
    321

    Cant delete or chown file as a root


    Hello,

    some hack script suddenly appear in the /root directory of my VPS. Lets call it "badscript"

    -rwxr-xr-x 1 root root 1.2M Jul 18 12:34 badscript
    but i cant delete it or chown it being root..

    it says:
    rm: cannot remove `badscript': Operation not permitted
    chown: changing ownership of `badscript': Operation not permitted
    stat badscript
    File: `badscript'
    Size: 1189151 Blocks: 2336 IO Block: 4096 regular file
    Device: 57h/87d Inode: 17932822 Links: 1
    Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
    Access: 2014-07-29 16:51:30.000000000 -0400
    Modify: 2014-07-18 12:34:49.000000000 -0400
    Change: 2014-07-29 16:51:25.000000000 -0400
    Please any idea how to block that person who added this script to my linux redhat server?

    "last" command shows only my regular ips, no stranger ip

    and how to remove that script? Thank you
    "Avoid the Gates of Hell. Use Linux affordable VPS."

  2. #2
    Just Joined!
    Join Date
    Jul 2014
    Posts
    30
    chattr -i FILENAME
    rm -rf FILENAME

  3. #3
    Penguin of trust elija's Avatar
    Join Date
    Jul 2004
    Location
    Either at home or at work or down the pub
    Posts
    3,559
    Quote Originally Posted by postcd View Post
    Please any idea how to block that person who added this script to my linux redhat server?
    Depends on how they did it, most frequently it's through a poorly validated upload script in a web page. I would also wonder if the rest of the server is now trustworthy...
    What do we want?
    Time machines!

    When do we want 'em?
    Doesn't really matter does it!?


    The Fifth Continent

  4. #4
    Just Joined!
    Join Date
    Sep 2014
    Posts
    2
    Use:

    Code:
    $ lsattr badscript
    The output could be something like this:
    Code:
    ----i--------e- badscript
    Remove the immutable "i" attribute typing the following command:
    Code:
    # chattr -i badscript

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •