新聞財經娛樂♬資訊 News Economy

Hi

I need urgent help.

My webserver appears to have been hacked. They have created a foilder in /usr/local/apache/htdocs called .xmlrpc. In that folder is a file xml.html.

I am trying to delete everything they have added and then remove htdocs which I do not use.

The problem : When I try to delete xml.html I get the message 'RM: Cannot remove 'xml.html' : Operation not permitted'

I have checked the file attributes using lsattr and it did have the 'I' immutable set. I have removed that using chattr. Now I get :-

lsattr   ------------- ./xml.html


I assume this means that no attributes are set. The permissions on the file are :-

-rwxrwxrwx 1 root root   73 Jul 29 10:04 xml.html*


But if I try to delete the file I still get :-

 [/usr/local/apache/htdocs/.xmlrpc]# del xml.html
rm: remove regular file `xml.html'? y
rm: cannot remove `xml.html': Operation not permitted

I also find that I cannot do anything with the folder .xmlrpc. If I try to change the ownership I get :-

[/usr/local/apache/htdocs]# chown root .xmlrpc
chown: changing ownership of `.xmlrpc': Operation not permitted

By the way I am logged in as root.

Why?

Please help.

Regards

Phil

chattr -i  file.txt
chgrp -R -v root file.txt
chown -R v root file.txt

to see it will help or not