1 Dec 2001 11:33
Hello,

I found user "nobody" performing a "find" on my Linux box a few days ago. In the /home section of the filesystem I found a subdirectory "httpd" which I did not create. The "httpd" directory itself contained a subfolder, "bin-cgi". I didn't find any other changes.

The Linux machine runs IPTABLES with open ports for SSH, HTTP and HTTPS. Connection is via pppd.

I'm still a "newbie" to security. I would appreciate any keywords and explanations to find out if I've been hacked, how this has been achieved and how it can be avoided in the future.

Thank you very much in advance.

Regards,
Hans Körber