0

looking for help here,

Someone has gained access to my Folder on a network-share(Redhat linux) and uploaded a file called malicious.php. I tried to delete it using Filezilla but I cannot delete this file, since I do not have the permissions to delete it.

File has rights for owner only. So technically some person can upload something to my folder and I will never be able to delete or alter that?

Is there any way to get rid of it, as I may presume that the subject has - or - will do something harmful with said malicious.php.

Thanks for your time

Improve this question
2
  • The Files are owned by root. How is that even remotely possible?
    – blacksmth
    Commented Jun 11, 2013 at 9:23
  • Did you try to simply change the permissions/ownership?
    – Bobby
    Commented Jun 11, 2013 at 9:49

1 Answer 1

Reset to default
3

looks like the server was compromised on root level: Somebody gained access to the root account (or sudo) or to a process running with that account.
They probably did not upload the file using your account details, as you don't seem to be root or has access to that account, but instead just put it in the Linux directory that represents your Samba share. Get somebody with system administrator rights to delete the file as root (using sudo or whatever works on RedHat), as you'd need to be root to change the ownership.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .