Hacked? /usr/share/webmin/apache32.ico.1

2 posts / 0 new
Last post
#1 Thu, 07/07/2016 - 21:08

Hacked? /usr/share/webmin/apache32.ico.1

I have Ubuntu 12.04 with latest updates running. I found that I had /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d running a lot so starting digging into it. The file doesn't exist. When I started grep to find where it was coming from, I had two perl scripts masked as image files:

/usr/share/webmin/apache32.ico.1:my @rps = ("/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d"); /usr/share/webmin/apache.png:my @rps = ("/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d");

Is this a known vulnerability or any idea how I got this?

Thanks, Alan

Thu, 07/07/2016 - 21:41

I just found the announcements on the vulnerability 1.8 fixed. I'm now cleaning up my system.

Topic locked