Hacked Servers
Aus HS Syswiki
Version vom 10. September 2015, 14:44 Uhr von Tch (Diskussion | Beiträge)
Server List:
- -tux25 [Done]
- -tux307 [Done | Not in Prod]
- -tux163 [Done]
- -tux247 [Done]
- -tux219 [Done]
- -tux3.at [Done]
- -tux197 [Done]
- -tux157 [Done]
- -tux155 [Done]
- -tux159 [Done | New Kernel with iptables logs]
- -tux153 [Done | New Kernel with iptables logs]
- -tux193 [Done | New Kernel with iptables logs]
- -tux195 [Done | New Kernel with iptables logs]
- -tux199 [Done | New Kernel with iptables logs]
Command line used to find SUID files owned by user root:
mkdir -p ~/sysadmin/hack && /usr/bin/nice -n 19 /usr/bin/ionice -c2 -n7 find / -type f -user root \( -perm -4000 -o -perm -2000 \) -exec ls -lg {} \; 2>/dev/null > ~/sysadmin/hack/suidfiles.txt &
Find hacked .htaccess files:
/usr/bin/nice -n 19 /usr/bin/ionice -c2 -n7 find /home/www/ -type f -name .htaccess -exec egrep -l 'alecspiegel|khiuh3.php|162.216.6.208' {} \; 2>/dev/null > ~/sysadmin/hack/list_`date -I` &
Remove hacks from .htaccess files:
cat list_2015-09-09 | awk '{print "bash remove.sh " $1}' | bash
Cleaned servers:
tux25:
tux25:~/sysadmin # cat suidfiles.txt -rwsr-xr-x 1 root 74720 12. Okt 2007 /bin/mount ---s--x--x 1 root 226 31. Aug 16:01 /bin/delp <<< Done by Sysad -rwsr-xr-x 1 root 57184 12. Okt 2007 /bin/umount -rwsr-xr-x 1 root 35936 21. Sep 2007 /bin/ping6 -rwsr-xr-x 1 root 32304 21. Sep 2007 /bin/su -rwsr-xr-x 1 root 40192 21. Sep 2007 /bin/ping -rwsr-xr-x 1 shadow 23384 21. Sep 2007 /sbin/unix_chkpwd -rwsr-xr-x 1 shadow 10864 21. Sep 2007 /sbin/unix2_chkpwd -r-sr-xr-x 1 bin 154584 18. Jan 2012 /var/dcc/libexec/dccsight -rwsr-xr-x 1 daemon 10952 21. Sep 2007 /usr/lib/majordomo/wrapper -rwsr-xr-x 1 root 27081 21. Sep 2007 /usr/lib64/pt_chown -rwsr-xr-x 1 root 10856 22. Sep 2007 /usr/lib64/PolicyKit/polkit-grant-helper-pam -rwxr-sr-x 1 103 15056 22. Sep 2007 /usr/lib64/PolicyKit/polkit-grant-helper -rwsr-xr-x 1 trusted 40672 21. Sep 2007 /usr/bin/crontab -rwsr-xr-x 1 root 10856 21. Sep 2007 /usr/bin/man -rwsr-xr-x 1 root 10856 21. Sep 2007 /usr/bin/mandb -rwsr-xr-x 1 shadow 78888 21. Sep 2007 /usr/bin/chfn -rwsr-xr-x 1 root 144344 27. Jan 2009 /usr/bin/sudo -rwsr-xr-x 1 root 19680 21. Sep 2007 /usr/bin/newgrp -rwxr-sr-x 1 tty 15016 21. Sep 2007 /usr/bin/write -rwsr-xr-x 1 shadow 19552 21. Sep 2007 /usr/bin/expiry -rwsr-xr-x 1 shadow 82424 21. Sep 2007 /usr/bin/gpasswd -rwsr-xr-x 1 shadow 82744 21. Sep 2007 /usr/bin/chage -rwsr-xr-x 1 shadow 78208 21. Sep 2007 /usr/bin/passwd -rwsr-xr-x 1 shadow 74232 21. Sep 2007 /usr/bin/chsh -rwxr-sr-x 1 tty 15152 21. Sep 2007 /usr/bin/wall -rwsr-x--- 1 dialout 58856 28. Mai 2008 /usr/sbin/mtr -r-xr-sr-x 1 mail 2856959 5. Dez 2014 /usr/sbin/sendmail -rwsr-xr-x 1 root 10784 4. Jul 2008 /usr/sbin/zypp-checkpatches-wrapper -r-sr-xr-x 1 bin 189707 23. Aug 2010 /usr/local/bin/cdcc -r-sr-xr-x 1 bin 584923 23. Aug 2010 /usr/local/bin/dccproc -rws--x--x 1 root 58453 16. Jan 2015 /usr/local/apache2-2.2.29/sbin/suexec.confixx -rws--x--x 1 root 58453 16. Jul 09:13 /usr/local/apache2-2.2.29/sbin/suexec2
tux163:
cat suidfiles.txt -rwsr-xr-x 1 shadow 10864 Sep 21 2007 /sbin/unix2_chkpwd -rwsr-xr-x 1 shadow 23384 Sep 21 2007 /sbin/unix_chkpwd -r-sr-xr-x 1 bin 154584 Nov 24 2008 /var/dcc/libexec/dccsight -rwsr-x--- 1 dialout 58856 May 28 2008 /usr/sbin/mtr -r-xr-sr-x 1 mail 2856959 Dec 5 2014 /usr/sbin/sendmail -rwsr-xr-x 1 root 10784 Jul 4 2008 /usr/sbin/zypp-checkpatches-wrapper -rwsr-xr-x 1 root 10856 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper-pam -rwxr-sr-x 1 103 15056 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper -rwsr-xr-x 1 root 27081 Sep 21 2007 /usr/lib64/pt_chown -rws--x--x 1 root 58453 Sep 4 15:12 /usr/local/apache2-2.2.29/sbin/suexec2 -rws--x--x 1 root 58453 Jan 16 2015 /usr/local/apache2-2.2.29/sbin/suexec.confixx -r-sr-xr-x 1 bin 584923 Nov 24 2008 /usr/local/bin/dccproc -r-sr-xr-x 1 bin 189707 Nov 24 2008 /usr/local/bin/cdcc -rwsr-xr-x 1 daemon 10952 Sep 21 2007 /usr/lib/majordomo/wrapper -rwsr-xr-x 1 shadow 74232 Sep 21 2007 /usr/bin/chsh -rwsr-xr-x 1 trusted 40672 Sep 21 2007 /usr/bin/crontab -rwsr-xr-x 1 shadow 82424 Sep 21 2007 /usr/bin/gpasswd <<< change group password -rwsr-xr-x 1 shadow 19552 Sep 21 2007 /usr/bin/expiry -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/man -rwsr-xr-x 1 shadow 78888 Sep 21 2007 /usr/bin/chfn <<< change finger information -rwsr-xr-x 1 shadow 82744 Sep 21 2007 /usr/bin/chage <<< change user password expiry information -rwsr-xr-x 1 root 144344 Jan 27 2009 /usr/bin/sudo -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/mandb -rwxr-sr-x 1 tty 15152 Sep 21 2007 /usr/bin/wall -rwsr-xr-x 1 root 19680 Sep 21 2007 /usr/bin/newgrp -rwsr-xr-x 1 shadow 78208 Sep 21 2007 /usr/bin/passwd -rwxr-sr-x 1 tty 15016 Sep 21 2007 /usr/bin/write -rwsr-xr-x 1 root 32304 Sep 21 2007 /bin/su -rwsr-xr-x 1 root 35936 Sep 21 2007 /bin/ping6 -rwsr-xr-x 1 root 40192 Sep 21 2007 /bin/ping -rwsr-xr-x 1 root 74720 Oct 12 2007 /bin/mount -rwsr-xr-x 1 root 57184 Oct 12 2007 /bin/umount ---s--x--x 1 root 226 Aug 31 16:01 /bin/delp <<< Done by Sysad -rw-r--r-- 1 root root 0 Sep 9 09:21 list_2015-09-09
tux247:
-rwsr-xr-x 1 trusted 40672 Sep 21 2007 /usr/bin/crontab -rwxr-sr-x 1 tty 15152 Sep 21 2007 /usr/bin/wall -rwsr-xr-x 1 shadow 19552 Sep 21 2007 /usr/bin/expiry -rwsr-xr-x 1 shadow 82744 Sep 21 2007 /usr/bin/chage -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/mandb -rwsr-xr-x 1 shadow 82424 Sep 21 2007 /usr/bin/gpasswd -rwsr-xr-x 1 root 144344 Jan 27 2009 /usr/bin/sudo -rwsr-xr-x 1 root 19680 Sep 21 2007 /usr/bin/newgrp -rwsr-xr-x 1 shadow 78888 Sep 21 2007 /usr/bin/chfn -rwsr-xr-x 1 shadow 78208 Sep 21 2007 /usr/bin/passwd -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/man -rwsr-xr-x 1 shadow 74232 Sep 21 2007 /usr/bin/chsh -rwxr-sr-x 1 tty 15016 Sep 21 2007 /usr/bin/write -rwsr-xr-x 1 root 27081 Sep 21 2007 /usr/lib64/pt_chown -rwxr-sr-x 1 103 15056 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper -rwsr-xr-x 1 root 10856 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper-pam -r-sr-xr-x 1 bin 584923 May 2 2011 /usr/local/bin/dccproc -r-sr-xr-x 1 bin 189707 May 2 2011 /usr/local/bin/cdcc -rws--x--x 1 root 58453 Jan 16 2015 /usr/local/apache2-2.2.29/sbin/suexec.confixx -rws--x--x 1 root 58453 Sep 1 14:35 /usr/local/apache2-2.2.29/sbin/suexec2 -rwsr-xr-x 1 root 10784 Jul 4 2008 /usr/sbin/zypp-checkpatches-wrapper -r-xr-sr-x 1 mail 2856959 Dec 5 2014 /usr/sbin/sendmail -rwsr-x--- 1 dialout 58856 May 28 2008 /usr/sbin/mtr -rwsr-xr-x 1 daemon 10952 Sep 21 2007 /usr/lib/majordomo/wrapper -rwsr-xr-x 1 root 74720 Oct 12 2007 /bin/mount -rwsr-xr-x 1 root 32304 Sep 21 2007 /bin/su -rwsr-xr-x 1 root 40192 Sep 21 2007 /bin/ping -rwsr-xr-x 1 root 57184 Oct 12 2007 /bin/umount -rwsr-xr-x 1 root 35936 Sep 21 2007 /bin/ping6 ---s--x--x 1 root 226 Aug 31 16:01 /bin/delp <<< Done by Sysad -rwsr-xr-x 1 root 661528 Feb 3 2013 /boot1/initr <<< Folder boot1 created by the hackers. initr fake bash created by the hacker (Folder removed) -r-sr-xr-x 1 bin 154584 May 2 2011 /var/dcc/libexec/dccsight -rwsr-xr-x 1 root 431516 Sep 29 2011 /sbin/sid <<< Fake bash by the hacker (file removed) -rwsr-xr-x 1 shadow 23384 Sep 21 2007 /sbin/unix_chkpwd -rwsr-xr-x 1 shadow 10864 Sep 21 2007 /sbin/unix2_chkpwd -rw-r--r-- 1 root root 0 Sep 9 09:23 list_2015-09-09 File: `/sbin/sid' Size: 431516 Blocks: 856 IO Block: 4096 regular file Device: 803h/2051d Inode: 1573092 Links: 1 Access: (4755/-rwsr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2015-09-08 02:02:43.000000000 +0200 Modify: 2011-09-29 18:34:41.000000000 +0200 Change: 2013-11-26 23:16:25.000000000 +0100
tux219:
cat suidfiles.txt -rwsr-xr-x 1 shadow 10864 Sep 21 2007 /sbin/unix2_chkpwd -rwsr-xr-x 1 root 431516 Sep 29 2011 /sbin/sid <<< Fake bash by the hacker (file removed) -rwsr-xr-x 1 shadow 23384 Sep 21 2007 /sbin/unix_chkpwd -rwsr-xr-x 1 root 74720 Oct 12 2007 /bin/mount -rwsr-xr-x 1 root 57184 Oct 12 2007 /bin/umount ---s--x--x 1 root 226 Aug 31 16:01 /bin/delp <<< Done by Sysad -rwsr-xr-x 1 root 35936 Sep 21 2007 /bin/ping6 -rwsr-xr-x 1 root 40192 Sep 21 2007 /bin/ping -rwsr-xr-x 1 root 32304 Sep 21 2007 /bin/su -r-sr-xr-x 1 bin 154584 Aug 29 2011 /var/dcc/libexec/dccsight -rwsr-x--- 1 dialout 58856 May 28 2008 /usr/sbin/mtr -rwsr-xr-x 1 root 10784 Jul 4 2008 /usr/sbin/zypp-checkpatches-wrapper -r-xr-sr-x 1 mail 2856959 Dec 5 2014 /usr/sbin/sendmail -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/mandb -rwxr-sr-x 1 tty 15016 Sep 21 2007 /usr/bin/write -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/man -rwsr-xr-x 1 shadow 82744 Sep 21 2007 /usr/bin/chage -rwsr-xr-x 1 shadow 82424 Sep 21 2007 /usr/bin/gpasswd -rwsr-xr-x 1 root 144344 Jan 27 2009 /usr/bin/sudo -rwsr-xr-x 1 shadow 78888 Sep 21 2007 /usr/bin/chfn -rwsr-xr-x 1 shadow 74232 Sep 21 2007 /usr/bin/chsh -rwsr-xr-x 1 trusted 40672 Sep 21 2007 /usr/bin/crontab -rwxr-sr-x 1 tty 15152 Sep 21 2007 /usr/bin/wall -rwsr-xr-x 1 shadow 19552 Sep 21 2007 /usr/bin/expiry -rwsr-xr-x 1 shadow 78208 Sep 21 2007 /usr/bin/passwd -rwsr-xr-x 1 root 19680 Sep 21 2007 /usr/bin/newgrp -rwsr-xr-x 1 root 27081 Sep 21 2007 /usr/lib64/pt_chown -rwxr-sr-x 1 103 15056 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper -rwsr-xr-x 1 root 10856 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper-pam -r-sr-xr-x 1 bin 189707 Aug 29 2011 /usr/local/bin/cdcc -r-sr-xr-x 1 bin 584923 Aug 29 2011 /usr/local/bin/dccproc -rws--x--x 1 root 58453 Jan 16 2015 /usr/local/apache2-2.2.29/sbin/suexec.confixx -rws--x--x 1 root 58453 Sep 8 15:55 /usr/local/apache2-2.2.29/sbin/suexec2 -rwsr-xr-x 1 daemon 10952 Sep 21 2007 /usr/lib/majordomo/wrapper -rw-r--r-- 1 root root 0 Sep 9 09:24 list_2015-09-09 File: `/sbin/sid' Size: 431516 Blocks: 856 IO Block: 4096 regular file Device: 803h/2051d Inode: 1573092 Links: 1 Access: (4755/-rwsr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2015-09-09 09:57:13.000000000 +0200 Modify: 2011-09-29 18:34:41.000000000 +0200 Change: 2013-11-26 23:16:25.000000000 +0100
tux3.at:
cat suidfiles.txt -rwsr-xr-x 1 shadow 23384 Sep 21 2007 /sbin/unix_chkpwd -rwsr-xr-x 1 shadow 10864 Sep 21 2007 /sbin/unix2_chkpwd -r-sr-xr-x 1 bin 154584 Oct 19 2009 /var/dcc/libexec/dccsight -rwsr-xr-x 1 root 35936 Sep 21 2007 /bin/ping6 ---s--x--x 1 root 226 Aug 31 16:01 /bin/delp -rwsr-xr-x 1 root 74720 Oct 12 2007 /bin/mount -rwsr-xr-x 1 root 57184 Oct 12 2007 /bin/umount -rwsr-xr-x 1 root 40192 Sep 21 2007 /bin/ping -rwsr-xr-x 1 root 32304 Sep 21 2007 /bin/su -rwsr-xr-x 1 root 10784 Jul 4 2008 /usr/sbin/zypp-checkpatches-wrapper -rwsr-x--- 1 dialout 58856 May 28 2008 /usr/sbin/mtr -r-xr-sr-x 1 mail 2712278 Nov 15 2007 /usr/sbin/sendmail -rwsr-xr-x 1 shadow 82744 Sep 21 2007 /usr/bin/chage -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/man -rwsr-xr-x 1 trusted 40672 Sep 21 2007 /usr/bin/crontab -rwsr-xr-x 1 root 19680 Sep 21 2007 /usr/bin/newgrp -rwsr-xr-x 1 root 144344 Jan 27 2009 /usr/bin/sudo -rwsr-xr-x 1 shadow 74232 Sep 21 2007 /usr/bin/chsh -rwxr-sr-x 1 tty 15016 Sep 21 2007 /usr/bin/write -rwsr-xr-x 1 shadow 78888 Sep 21 2007 /usr/bin/chfn -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/mandb -rwxr-sr-x 1 tty 15152 Sep 21 2007 /usr/bin/wall -rwsr-xr-x 1 shadow 78208 Sep 21 2007 /usr/bin/passwd -rwsr-xr-x 1 shadow 19552 Sep 21 2007 /usr/bin/expiry -rwsr-xr-x 1 shadow 82424 Sep 21 2007 /usr/bin/gpasswd -rwsr-xr-x 1 root 27081 Sep 21 2007 /usr/lib64/pt_chown -rwsr-xr-x 1 root 10856 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper-pam -rwxr-sr-x 1 103 15056 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper -r-sr-xr-x 1 bin 584923 Oct 19 2009 /usr/local/bin/dccproc -r-sr-xr-x 1 bin 189707 Oct 19 2009 /usr/local/bin/cdcc -rws--x--x 1 root 58453 Apr 5 2013 /usr/local/apache2-2.2.24/sbin/suexec.confixx -rws--x--x 1 root 58453 Jun 5 2013 /usr/local/apache2-2.2.24/sbin/suexec2 -rwsr-xr-x 1 daemon 10952 Sep 21 2007 /usr/lib/majordomo/wrapper -rw-r--r-- 1 root root 0 Sep 9 09:24 list_2015-09-09
tux197:
cat suidfiles.txt -r-sr-xr-x 1 bin 154584 Dec 22 2009 /var/dcc/libexec/dccsight -r-xr-sr-x 1 mail 2712278 Nov 15 2007 /usr/sbin/sendmail -rwsr-x--- 1 dialout 58856 May 28 2008 /usr/sbin/mtr -rwsr-xr-x 1 root 10784 Jul 4 2008 /usr/sbin/zypp-checkpatches-wrapper -rwsr-xr-x 1 shadow 82424 Sep 21 2007 /usr/bin/gpasswd -rwxr-sr-x 1 tty 15152 Sep 21 2007 /usr/bin/wall -rwsr-xr-x 1 root 19680 Sep 21 2007 /usr/bin/newgrp -rwxr-sr-x 1 tty 15016 Sep 21 2007 /usr/bin/write -rwsr-xr-x 1 shadow 78888 Sep 21 2007 /usr/bin/chfn -rwsr-xr-x 1 shadow 74232 Sep 21 2007 /usr/bin/chsh -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/man -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/mandb -rwsr-xr-x 1 root 144344 Jan 27 2009 /usr/bin/sudo -rwsr-xr-x 1 shadow 19552 Sep 21 2007 /usr/bin/expiry -rwsr-xr-x 1 trusted 40672 Sep 21 2007 /usr/bin/crontab -rwsr-xr-x 1 shadow 82744 Sep 21 2007 /usr/bin/chage -rwsr-xr-x 1 shadow 78208 Sep 21 2007 /usr/bin/passwd -rwsr-xr-x 1 root 27081 Sep 21 2007 /usr/lib64/pt_chown -rwxr-sr-x 1 103 15056 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper -rwsr-xr-x 1 root 10856 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper-pam -r-sr-xr-x 1 bin 584923 Dec 22 2009 /usr/local/bin/dccproc -r-sr-xr-x 1 bin 189707 Dec 22 2009 /usr/local/bin/cdcc -rws--x--x 1 root 58453 Apr 5 2013 /usr/local/apache2-2.2.24/sbin/suexec.confixx -rws--x--x 1 root 58453 Jun 14 2013 /usr/local/apache2-2.2.24/sbin/suexec2 -rwsr-xr-x 1 daemon 10952 Sep 21 2007 /usr/lib/majordomo/wrapper -rwsr-xr-x 1 root 431516 Sep 29 2011 /sbin/sid <<< Fake bash by the hacker (file removed) -rwsr-xr-x 1 shadow 23384 Sep 21 2007 /sbin/unix_chkpwd -rwsr-xr-x 1 shadow 10864 Sep 21 2007 /sbin/unix2_chkpwd -rwsr-xr-x 1 root 74720 Oct 12 2007 /bin/mount ---s--x--x 1 root 226 Aug 31 16:01 /bin/delp -rwsr-xr-x 1 root 57184 Oct 12 2007 /bin/umount -rwsr-xr-x 1 root 40192 Sep 21 2007 /bin/ping -rwsr-xr-x 1 root 35936 Sep 21 2007 /bin/ping6 -rwsr-xr-x 1 root 32304 Sep 21 2007 /bin/su -rw-r--r-- 1 root root 25769 Sep 9 11:19 list_2015-09-09 <<< Cleaned File: `/sbin/sid' Size: 431516 Blocks: 856 IO Block: 4096 regular file Device: 803h/2051d Inode: 1015851 Links: 1 Access: (4755/-rwsr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2015-09-09 01:13:42.000000000 +0200 Modify: 2011-09-29 18:34:41.000000000 +0200 Change: 2013-02-05 22:44:09.000000000 +0100
tux157:
broot@tux157.hoststar.ch -rw-r--r-- 1 root root 76224 3. Sep 2014 /home/www/confixx/html/skins/ex.php cat suidfiles.txt -rwsr-xr-x 1 daemon 10952 Sep 21 2007 /usr/lib/majordomo/wrapper -rwsr-xr-x 1 root 27081 Sep 21 2007 /usr/lib64/pt_chown -rwsr-xr-x 1 root 10856 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper-pam -rwxr-sr-x 1 103 15056 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper -rwsr-xr-x 1 trusted 40672 Sep 21 2007 /usr/bin/crontab -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/man -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/mandb -rwsr-xr-x 1 root 19680 Sep 21 2007 /usr/bin/newgrp -rwsr-xr-x 1 shadow 78888 Sep 21 2007 /usr/bin/chfn -rwsr-xr-x 1 shadow 78208 Sep 21 2007 /usr/bin/passwd -rwsr-xr-x 1 shadow 19552 Sep 21 2007 /usr/bin/expiry -rwxr-sr-x 1 tty 15152 Sep 21 2007 /usr/bin/wall -rwsr-xr-x 1 shadow 82424 Sep 21 2007 /usr/bin/gpasswd -rwxr-sr-x 1 tty 15016 Sep 21 2007 /usr/bin/write -rwsr-xr-x 1 shadow 82744 Sep 21 2007 /usr/bin/chage -rwsr-xr-x 1 shadow 74232 Sep 21 2007 /usr/bin/chsh -rwsr-xr-x 1 root 144344 Jan 27 2009 /usr/bin/sudo -rws--x--x 1 root 58453 Apr 5 2013 /usr/local/apache2-2.2.24/sbin/suexec.confixx -rws--x--x 1 root 58453 Jun 14 2013 /usr/local/apache2-2.2.24/sbin/suexec2 -r-sr-xr-x 1 bin 189707 Oct 20 2008 /usr/local/bin/cdcc -r-sr-xr-x 1 bin 584923 Oct 20 2008 /usr/local/bin/dccproc -rwsr-x--- 1 dialout 58856 May 28 2008 /usr/sbin/mtr -rwsr-xr-x 1 root 10784 Jul 4 2008 /usr/sbin/zypp-checkpatches-wrapper -r-xr-sr-x 1 mail 2712278 Nov 15 2007 /usr/sbin/sendmail -r-sr-xr-x 1 bin 154584 Oct 20 2008 /var/dcc/libexec/dccsight ---s--x--x 1 root 226 Aug 31 16:01 /bin/delp -rwsr-xr-x 1 root 40192 Sep 21 2007 /bin/ping -rwsr-xr-x 1 root 74720 Oct 12 2007 /bin/mount -rwsr-xr-x 1 root 35936 Sep 21 2007 /bin/ping6 -rwsr-xr-x 1 root 32304 Sep 21 2007 /bin/su -rwsr-xr-x 1 root 57184 Oct 12 2007 /bin/umount -rwsr-xr-x 1 root 431516 Sep 29 2011 /sbin/sid <<< Fake bash by the hacker (file removed) -rwsr-xr-x 1 shadow 10864 Sep 21 2007 /sbin/unix2_chkpwd -rwsr-xr-x 1 shadow 23384 Sep 21 2007 /sbin/unix_chkpwd -rw-r--r-- 1 root root 24986 Sep 9 15:50 list_2015-09-09 File: `/sbin/sid' Size: 431516 Blocks: 856 IO Block: 4096 regular file Device: 803h/2051d Inode: 844276 Links: 1 Access: (4755/-rwsr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2015-09-09 01:52:43.000000000 +0200 Modify: 2011-09-29 18:34:41.000000000 +0200 Change: 2013-01-07 23:43:23.000000000 +0100
tux155:
broot@tux155.hoststar.ch -rw-r--r-- 1 root root 76224 3. Sep 2014 /home/www/confixx/html/skins/ex.php cat suidfiles.txt ---s--x--x 1 root 226 Aug 31 16:01 /bin/delp -rwsr-xr-x 1 root 74720 Oct 12 2007 /bin/mount -rwsr-xr-x 1 root 57184 Oct 12 2007 /bin/umount -rwsr-xr-x 1 root 32304 Sep 21 2007 /bin/su -rwsr-xr-x 1 root 40192 Sep 21 2007 /bin/ping -rwsr-xr-x 1 root 35936 Sep 21 2007 /bin/ping6 -r-sr-xr-x 1 bin 154584 Sep 30 2008 /var/dcc/libexec/dccsight -rwsr-xr-x 1 shadow 82424 Sep 21 2007 /usr/bin/gpasswd -rwsr-xr-x 1 shadow 19552 Sep 21 2007 /usr/bin/expiry -rwxr-sr-x 1 tty 15016 Sep 21 2007 /usr/bin/write -rwsr-xr-x 1 shadow 78208 Sep 21 2007 /usr/bin/passwd -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/man -rwsr-xr-x 1 root 19680 Sep 21 2007 /usr/bin/newgrp -rwsr-xr-x 1 shadow 82744 Sep 21 2007 /usr/bin/chage -rwsr-xr-x 1 shadow 74232 Sep 21 2007 /usr/bin/chsh -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/mandb -rwsr-xr-x 1 trusted 40672 Sep 21 2007 /usr/bin/crontab -rwsr-xr-x 1 root 144344 Jan 27 2009 /usr/bin/sudo -rwxr-sr-x 1 tty 15152 Sep 21 2007 /usr/bin/wall -rwsr-xr-x 1 shadow 78888 Sep 21 2007 /usr/bin/chfn -r-sr-xr-x 1 bin 584923 Sep 30 2008 /usr/local/bin/dccproc -r-sr-xr-x 1 bin 189707 Sep 30 2008 /usr/local/bin/cdcc -rws--x--x 1 root 58453 Apr 5 2013 /usr/local/apache2-2.2.24/sbin/suexec.confixx -rws--x--x 1 root 58453 May 2 2013 /usr/local/apache2-2.2.24/sbin/suexec2 -rwsr-xr-x 1 daemon 10952 Sep 21 2007 /usr/lib/majordomo/wrapper -rwxr-sr-x 1 103 15056 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper -rwsr-xr-x 1 root 10856 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper-pam -rwsr-xr-x 1 root 27081 Sep 21 2007 /usr/lib64/pt_chown -rwsr-xr-x 1 root 10784 Jul 4 2008 /usr/sbin/zypp-checkpatches-wrapper -rwsr-x--- 1 dialout 58856 May 28 2008 /usr/sbin/mtr -r-xr-sr-x 1 mail 2712278 Nov 15 2007 /usr/sbin/sendmail -rwsr-xr-x 1 shadow 23384 Sep 21 2007 /sbin/unix_chkpwd -rwsr-xr-x 1 shadow 10864 Sep 21 2007 /sbin/unix2_chkpwd -rw-r--r-- 1 root root 21467 Sep 9 16:19 list_2015-09-09
tux159:
broot@tux159.hoststar.ch -rw-r--r-- 1 root root 76224 3. Sep 2014 /home/www/confixx/html/skins/ex.php cat suidfiles.txt -r-sr-xr-x 1 bin 189707 Sep 19 2008 /usr/local/bin/cdcc -r-sr-xr-x 1 bin 584923 Sep 19 2008 /usr/local/bin/dccproc -rws--x--x 1 root 58453 Jan 16 2015 /usr/local/apache2-2.2.29/sbin/suexec.confixx -rws--x--x 1 root 58453 Sep 9 09:23 /usr/local/apache2-2.2.29/sbin/suexec2 -rwsr-xr-x 1 root 144344 Jan 27 2009 /usr/bin/sudo -rwxr-sr-x 1 tty 15016 Sep 21 2007 /usr/bin/write -rwsr-xr-x 1 shadow 74232 Sep 21 2007 /usr/bin/chsh -rwsr-xr-x 1 shadow 78208 Sep 21 2007 /usr/bin/passwd -rwsr-xr-x 1 trusted 40672 Sep 21 2007 /usr/bin/crontab -rwsr-xr-x 1 shadow 82744 Sep 21 2007 /usr/bin/chage -rwxr-sr-x 1 tty 15152 Sep 21 2007 /usr/bin/wall -rwsr-xr-x 1 root 19680 Sep 21 2007 /usr/bin/newgrp -rwsr-xr-x 1 shadow 78888 Sep 21 2007 /usr/bin/chfn -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/man -rwsr-xr-x 1 shadow 82424 Sep 21 2007 /usr/bin/gpasswd -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/mandb -rwsr-xr-x 1 shadow 19552 Sep 21 2007 /usr/bin/expiry -rwxr-sr-x 1 103 15056 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper -rwsr-xr-x 1 root 10856 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper-pam -rwsr-xr-x 1 root 27081 Sep 21 2007 /usr/lib64/pt_chown -rwsr-x--- 1 dialout 58856 May 28 2008 /usr/sbin/mtr -r-xr-sr-x 1 mail 2856959 Dec 5 2014 /usr/sbin/sendmail -rwsr-xr-x 1 root 10784 Jul 4 2008 /usr/sbin/zypp-checkpatches-wrapper -rwsr-xr-x 1 daemon 10952 Sep 21 2007 /usr/lib/majordomo/wrapper ---s--x--x 1 root 226 Aug 31 16:01 /bin/delp -rwsr-xr-x 1 root 40192 Sep 21 2007 /bin/ping -rwsr-xr-x 1 root 57184 Oct 12 2007 /bin/umount -rwsr-xr-x 1 root 74720 Oct 12 2007 /bin/mount -rwsr-xr-x 1 root 35936 Sep 21 2007 /bin/ping6 -rwsr-xr-x 1 root 32304 Sep 21 2007 /bin/su -r-sr-xr-x 1 bin 154584 Mar 2 2012 /var/dcc/libexec/dccsight -rwsr-xr-x 1 shadow 23384 Sep 21 2007 /sbin/unix_chkpwd -rwsr-xr-x 1 shadow 10864 Sep 21 2007 /sbin/unix2_chkpwd -rw-r--r-- 1 root root 68 Sep 10 08:01 list_2015-09-10
tux153:
broot@tux153.hoststar.ch -rw-r--r-- 1 root root 76224 3. Sep 2014 /home/www/confixx/html/skins/ex.php cat suidfiles.txt -rwsr-xr-x 1 root 40192 Sep 21 2007 /bin/ping -rwsr-xr-x 1 root 35936 Sep 21 2007 /bin/ping6 -rwsr-xr-x 1 root 32304 Sep 21 2007 /bin/su -rwsr-xr-x 1 root 57184 Oct 12 2007 /bin/umount ---s--x--x 1 root 226 Aug 31 16:01 /bin/delp -rwsr-xr-x 1 root 74720 Oct 12 2007 /bin/mount -r-sr-xr-x 1 bin 154584 Sep 16 2008 /var/dcc/libexec/dccsight -rwsr-xr-x 1 shadow 10864 Sep 21 2007 /sbin/unix2_chkpwd -rwsr-xr-x 1 shadow 23384 Sep 21 2007 /sbin/unix_chkpwd -rwsr-xr-x 1 trusted 40672 Sep 21 2007 /usr/bin/crontab -rwsr-xr-x 1 root 19680 Sep 21 2007 /usr/bin/newgrp -rwxr-sr-x 1 tty 15016 Sep 21 2007 /usr/bin/write -rwsr-xr-x 1 shadow 82424 Sep 21 2007 /usr/bin/gpasswd -rwsr-xr-x 1 root 144344 Jan 27 2009 /usr/bin/sudo -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/mandb -rwsr-xr-x 1 shadow 78208 Sep 21 2007 /usr/bin/passwd -rwsr-xr-x 1 shadow 78888 Sep 21 2007 /usr/bin/chfn -rwsr-xr-x 1 shadow 74232 Sep 21 2007 /usr/bin/chsh -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/man -rwsr-xr-x 1 shadow 82744 Sep 21 2007 /usr/bin/chage -rwxr-sr-x 1 tty 15152 Sep 21 2007 /usr/bin/wall -rwsr-xr-x 1 shadow 19552 Sep 21 2007 /usr/bin/expiry -r-sr-xr-x 1 bin 584923 Sep 16 2008 /usr/local/bin/dccproc -r-sr-xr-x 1 bin 189707 Sep 16 2008 /usr/local/bin/cdcc -rws--x--x 1 root 58453 Jun 14 2013 /usr/local/apache2-2.2.24/sbin/suexec2 -rws--x--x 1 root 58453 Apr 5 2013 /usr/local/apache2-2.2.24/sbin/suexec.confixx -rwsr-xr-x 1 daemon 10952 Sep 21 2007 /usr/lib/majordomo/wrapper -rwxr-sr-x 1 103 15056 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper -rwsr-xr-x 1 root 10856 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper-pam -rwsr-xr-x 1 root 27081 Sep 21 2007 /usr/lib64/pt_chown -rwsr-x--- 1 dialout 58856 May 28 2008 /usr/sbin/mtr -r-xr-sr-x 1 mail 2712278 Nov 15 2007 /usr/sbin/sendmail -rwsr-xr-x 1 root 10784 Jul 4 2008 /usr/sbin/zypp-checkpatches-wrapper -rw-r--r-- 1 root root 21621 Sep 10 09:05 list_2015-09-10
tux193:
broot@tux193.hoststar.ch -rw-r--r-- 1 root root 76224 3. Sep 2014 /home/www/confixx/html/skins/ex.php -rwsr-xr-x 1 daemon 10952 Sep 21 2007 /usr/lib/majordomo/wrapper -r-xr-sr-x 1 mail 2712278 Nov 15 2007 /usr/sbin/sendmail -rwsr-xr-x 1 root 10784 Jul 4 2008 /usr/sbin/zypp-checkpatches-wrapper -rwsr-x--- 1 dialout 58856 May 28 2008 /usr/sbin/mtr -rwsr-xr-x 1 root 27081 Sep 21 2007 /usr/lib64/pt_chown -rwsr-xr-x 1 root 10856 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper-pam -rwxr-sr-x 1 103 15056 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper -rws--x--x 1 root 58453 Jul 16 2013 /usr/local/apache2-2.2.24/sbin/suexec2 -rws--x--x 1 root 58453 Apr 5 2013 /usr/local/apache2-2.2.24/sbin/suexec.confixx -r-sr-xr-x 1 bin 189707 Nov 3 2009 /usr/local/bin/cdcc -r-sr-xr-x 1 bin 584923 Nov 3 2009 /usr/local/bin/dccproc -rwsr-xr-x 1 shadow 78208 Sep 21 2007 /usr/bin/passwd -rwsr-xr-x 1 shadow 19552 Sep 21 2007 /usr/bin/expiry -rwsr-xr-x 1 root 19680 Sep 21 2007 /usr/bin/newgrp -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/man -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/mandb -rwsr-xr-x 1 shadow 82744 Sep 21 2007 /usr/bin/chage -rwxr-sr-x 1 tty 15152 Sep 21 2007 /usr/bin/wall -rwxr-sr-x 1 tty 15016 Sep 21 2007 /usr/bin/write -rwsr-xr-x 1 trusted 40672 Sep 21 2007 /usr/bin/crontab -rwsr-xr-x 1 shadow 82424 Sep 21 2007 /usr/bin/gpasswd -rwsr-xr-x 1 root 144344 Jan 27 2009 /usr/bin/sudo -rwsr-xr-x 1 shadow 74232 Sep 21 2007 /usr/bin/chsh -rwsr-xr-x 1 shadow 78888 Sep 21 2007 /usr/bin/chfn -rwsr-xr-x 1 root 431516 Sep 29 2011 /sbin/sid <<< Fake bash by the hacker (file removed) -rwsr-xr-x 1 shadow 23384 Sep 21 2007 /sbin/unix_chkpwd -rwsr-xr-x 1 shadow 10864 Sep 21 2007 /sbin/unix2_chkpwd -r-sr-xr-x 1 bin 154584 Feb 14 2012 /var/dcc/libexec/dccsight -rwsr-xr-x 1 root 661528 Feb 5 2013 /boot1/initr <<< Fake bash by the hacker (file removed) -rwsr-xr-x 1 root 57184 Oct 12 2007 /bin/umount -rwsr-xr-x 1 root 32304 Sep 21 2007 /bin/su ---s--x--x 1 root 226 Aug 31 16:01 /bin/delp -rwsr-xr-x 1 root 40192 Sep 21 2007 /bin/ping -rwsr-xr-x 1 root 74720 Oct 12 2007 /bin/mount -rwsr-xr-x 1 root 35936 Sep 21 2007 /bin/ping6 -rw-r--r-- 1 root root 26816 Sep 10 09:33 list_2015-09-10
tux195:
broot@tux195.hoststar.ch -rw-r--r-- 1 root root 76224 3. Sep 2014 /home/www/confixx/html/skins/ex.php cat suidfiles.txt -rwsr-xr-x 1 root 431516 Sep 29 2011 /sbin/sid <<< Fake bash by the hacker (file removed) -rwsr-xr-x 1 shadow 10864 Sep 21 2007 /sbin/unix2_chkpwd -rwsr-xr-x 1 shadow 23384 Sep 21 2007 /sbin/unix_chkpwd -rwsr-xr-x 1 daemon 10952 Sep 21 2007 /usr/lib/majordomo/wrapper -rws--x--x 1 root 58453 Jul 16 2013 /usr/local/apache2-2.2.24/sbin/suexec2 -rws--x--x 1 root 58453 Apr 5 2013 /usr/local/apache2-2.2.24/sbin/suexec.confixx -r-sr-xr-x 1 bin 189707 Nov 18 2009 /usr/local/bin/cdcc -r-sr-xr-x 1 bin 584923 Nov 18 2009 /usr/local/bin/dccproc -r-xr-sr-x 1 mail 2712278 Nov 15 2007 /usr/sbin/sendmail -rwsr-x--- 1 dialout 58856 May 28 2008 /usr/sbin/mtr -rwsr-xr-x 1 root 10784 Jul 4 2008 /usr/sbin/zypp-checkpatches-wrapper -rwsr-xr-x 1 root 27081 Sep 21 2007 /usr/lib64/pt_chown -rwxr-sr-x 1 103 15056 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper -rwsr-xr-x 1 root 10856 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper-pam -rwsr-xr-x 1 shadow 78208 Sep 21 2007 /usr/bin/passwd -rwsr-xr-x 1 shadow 19552 Sep 21 2007 /usr/bin/expiry -rwsr-xr-x 1 root 19680 Sep 21 2007 /usr/bin/newgrp -rwxr-sr-x 1 tty 15152 Sep 21 2007 /usr/bin/wall -rwsr-xr-x 1 trusted 40672 Sep 21 2007 /usr/bin/crontab -rwsr-xr-x 1 shadow 78888 Sep 21 2007 /usr/bin/chfn -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/mandb -rwsr-xr-x 1 shadow 82744 Sep 21 2007 /usr/bin/chage -rwsr-xr-x 1 shadow 74232 Sep 21 2007 /usr/bin/chsh -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/man -rwsr-xr-x 1 shadow 82424 Sep 21 2007 /usr/bin/gpasswd -rwxr-sr-x 1 tty 15016 Sep 21 2007 /usr/bin/write -rwsr-xr-x 1 root 144344 Jan 27 2009 /usr/bin/sudo -rwsr-xr-x 1 root 74720 Oct 12 2007 /bin/mount ---s--x--x 1 root 226 Aug 31 16:01 /bin/delp -rwsr-xr-x 1 root 35936 Sep 21 2007 /bin/ping6 -rwsr-xr-x 1 root 40192 Sep 21 2007 /bin/ping -rwsr-xr-x 1 root 32304 Sep 21 2007 /bin/su -rwsr-xr-x 1 root 57184 Oct 12 2007 /bin/umount -r-sr-xr-x 1 bin 154584 Dec 12 2011 /var/dcc/libexec/dccsight -rw-r--r-- 1 root root 27291 Sep 10 11:39 list_2015-09-10
tux199:
broot@tux199.hoststar.ch -rw-r--r-- 1 root root 76224 3. Sep 2014 /home/www/confixx/html/skins/ex.php cat suidfiles.txt -r-sr-xr-x 1 bin 154584 Jan 9 2012 /var/dcc/libexec/dccsight -rwsr-xr-x 1 shadow 23384 Sep 21 2007 /sbin/unix_chkpwd -rwsr-xr-x 1 shadow 10864 Sep 21 2007 /sbin/unix2_chkpwd -rwsr-xr-x 1 root 10784 Jul 4 2008 /usr/sbin/zypp-checkpatches-wrapper -r-xr-sr-x 1 mail 2856959 Dec 5 2014 /usr/sbin/sendmail -rwsr-x--- 1 dialout 58856 May 28 2008 /usr/sbin/mtr -rws--x--x 1 root 58453 Jan 16 2015 /usr/local/apache2-2.2.29/sbin/suexec.confixx -rws--x--x 1 root 58453 Sep 9 09:34 /usr/local/apache2-2.2.29/sbin/suexec2 -r-sr-xr-x 1 bin 189707 May 26 2008 /usr/local/bin/cdcc -r-sr-xr-x 1 bin 584923 May 26 2008 /usr/local/bin/dccproc -rwsr-xr-x 1 shadow 78888 Sep 21 2007 /usr/bin/chfn -rwsr-xr-x 1 root 144344 Jan 27 2009 /usr/bin/sudo -rwsr-xr-x 1 shadow 74232 Sep 21 2007 /usr/bin/chsh -rwsr-xr-x 1 shadow 82424 Sep 21 2007 /usr/bin/gpasswd -rwxr-sr-x 1 tty 15016 Sep 21 2007 /usr/bin/write -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/mandb -rwsr-xr-x 1 shadow 19552 Sep 21 2007 /usr/bin/expiry -rwsr-xr-x 1 shadow 82744 Sep 21 2007 /usr/bin/chage -rwsr-xr-x 1 trusted 40672 Sep 21 2007 /usr/bin/crontab -rwxr-sr-x 1 tty 15152 Sep 21 2007 /usr/bin/wall -rwsr-xr-x 1 root 10856 Sep 21 2007 /usr/bin/man -rwsr-xr-x 1 shadow 78208 Sep 21 2007 /usr/bin/passwd -rwsr-xr-x 1 root 19680 Sep 21 2007 /usr/bin/newgrp -rwsr-xr-x 1 daemon 10952 Sep 21 2007 /usr/lib/majordomo/wrapper -rwxr-sr-x 1 103 15056 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper -rwsr-xr-x 1 root 10856 Sep 22 2007 /usr/lib64/PolicyKit/polkit-grant-helper-pam -rwsr-xr-x 1 root 27081 Sep 21 2007 /usr/lib64/pt_chown ---s--x--x 1 root 226 Aug 31 16:01 /bin/delp -rwsr-xr-x 1 root 74720 Oct 12 2007 /bin/mount -rwsr-xr-x 1 root 40192 Sep 21 2007 /bin/ping -rwsr-xr-x 1 root 57184 Oct 12 2007 /bin/umount -rwsr-xr-x 1 root 32304 Sep 21 2007 /bin/su -rwsr-xr-x 1 root 35936 Sep 21 2007 /bin/ping6 -rw-r--r-- 1 root root 47366 Sep 10 13:56 list_2015-09-10
tuxYYTEMPLATE:
Other servers to check:
broot@tux3.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 25 2014 /sbin/sid broot@tux15.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux13.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux81.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux107.hoststar.ch -rwsr-xr-x 1 root web297 431516 Sep 29 2011 /sbin/sid broot@tux111.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux121.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux119.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux147.hoststar.ch -rwsr-xr-x 1 root web97 431516 Sep 29 2011 /sbin/sid broot@tux151.hoststar.ch -rwsr-xr-x 1 root web29 431516 Sep 29 2011 /sbin/sid broot@tux123.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux171.hoststar.ch -rwsr-xr-x 1 root 1272 431516 Sep 29 2011 /sbin/sid broot@tux167.hoststar.ch -rwsr-xr-x 1 root web78 431516 Sep 29 2011 /sbin/sid broot@tux173.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux185.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux181.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux187.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux193.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux179.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux195.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux189.hoststar.ch -rwxr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux191.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux201.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux203.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux211.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux207.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux205.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux209.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux231.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux213.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux233.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux221.hoststar.ch -rwxr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux217.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux223.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux241.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux243.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux225.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux245.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux259.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux279.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux299.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid broot@tux319.hoststar.ch -rwsr-xr-x 1 root web90 431516 Sep 29 2011 /sbin/sid broot@tux237.hoststar.ch -rwsr-xr-x 1 root root 431516 Sep 29 2011 /sbin/sid Removed: broot@tux81.hoststar.ch -rwsr-xr-x 1 root root 661528 Aug 14 2012 /boot1/initr broot@tux123.hoststar.ch -rwsr-xr-x 1 root root 661528 Feb 22 2013 /boot1/initr broot@tux121.hoststar.ch -rwsr-xr-x 1 root root 661528 Feb 25 2013 /boot1/initr broot@tux99.hoststar.ch -rwsr-xr-x 1 root root 661528 Jan 16 2012 /boot1/initr broot@tux107.hoststar.ch -rwsr-xr-x 1 root root 661528 Jan 7 2013 /boot1/initr broot@tux147.hoststar.ch -rwsr-xr-x 1 root root 661528 Feb 4 2012 /boot1/initr broot@tux151.hoststar.ch -rwxr-xr-x 1 root root 661528 Jan 7 2013 /boot1/initr broot@tux171.hoststar.ch -rwsr-xr-x 1 root root 661528 Jan 7 2013 /boot1/initr broot@tux167.hoststar.ch -rwsr-xr-x 1 root root 661528 Jan 7 2013 /boot1/initr broot@tux185.hoststar.ch -rwsr-xr-x 1 root root 661528 Feb 21 2013 /boot1/initr broot@tux187.hoststar.ch -rwsr-xr-x 1 root root 661528 Feb 21 2013 /boot1/initr broot@tux181.hoststar.ch -rwsr-xr-x 1 root root 661528 Feb 21 2013 /boot1/initr broot@tux189.hoststar.ch -rwsr-xr-x 1 root root 661528 Feb 21 2013 /boot1/initr broot@tux207.hoststar.ch -rwsr-xr-x 1 root root 661528 Feb 4 2013 /boot1/initr broot@tux193.hoststar.ch -rwsr-xr-x 1 root root 661528 Feb 5 2013 /boot1/initr broot@tux203.hoststar.ch -rwsr-xr-x 1 root root 661528 Jan 7 2013 /boot1/initr broot@tux201.hoststar.ch -rwsr-xr-x 1 root root 661528 Feb 5 2013 /boot1/initr broot@tux195.hoststar.ch -rwsr-xr-x 1 root root 661528 Feb 5 2013 /boot1/initr broot@tux199.hoststar.ch -rwsr-xr-x 1 root root 661528 Aug 14 2012 /boot1/initr broot@tux217.hoststar.ch -rwsr-xr-x 1 root root 661528 Jan 16 2012 /boot1/initr broot@tux241.hoststar.ch -rwsr-xr-x 1 root root 661528 Feb 3 2013 /boot1/initr broot@tux237.hoststar.ch -rwsr-xr-x 1 root root 661528 Feb 3 2013 /boot1/initr broot@tux251.hoststar.ch -rwsr-xr-x 1 root root 661528 Jan 16 2012 /boot1/initr broot@tux319.hoststar.ch -rwsr-xr-x 1 root root 661528 Feb 27 2012 /boot1/initr broot@tux259.hoststar.ch -rwsr-xr-x 1 root root 661528 Jan 16 2012 /boot1/initr