This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.

Hacked? /usr/share/webmin/apache32.ico.1

2 posts / 0 new

Topic locked

Last post

#1 Thu, 07/07/2016 - 21:08

harty83

Hacked? /usr/share/webmin/apache32.ico.1

I have Ubuntu 12.04 with latest updates running. I found that I had /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d running a lot so starting digging into it. The file doesn't exist. When I started grep to find where it was coming from, I had two perl scripts masked as image files:

/usr/share/webmin/apache32.ico.1:my @rps = ("/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d"); /usr/share/webmin/apache.png:my @rps = ("/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d");

Is this a known vulnerability or any idea how I got this?

Thanks, Alan

#2 Thu, 07/07/2016 - 21:41

harty83

I just found the announcements on the vulnerability 1.8 fixed. I'm now cleaning up my system.

Topic locked