Sanjeev Sabhlok's notes on technology, hardware, gardening

A hacker implanted “link” directory ege. How to get rid of symbolic link.

The ege directory showed up as a problem during scan by Anti-Malware from GOTMLS.NET.
 
I went into shell and checked. The files aren't reading but the effectively are redirects. I've not come across such stuff. These redirects aren't visible on FTP.
drwxr-xr-x  2 sansab1 pg6644492   44 Jul 31 13:25 .
drwxr-xr-x 12 sansab1 pg6644492 4096 Jul 31 17:12 ..
lrwxrwxrwx  1 sansab1 pg6644492    6 Apr 13  2014 2.txt -> /home/
lrwxrwxrwx  1 sansab1 pg6644492   54 Apr 13  2014 ege.txt -> /home/nsdc/pubclic_html/androidgreece.gr/wp-config.php
 
These are symbolic links.

 

I've managed to unlink the files:

 
[tiller]$ unlink 2.txt
[tiller]$ unlink ege.txt
[tiller]$ ls -al
total 8
drwxr-xr-x  2 sansab1 pg6644492   10 Jul 31 18:45 .
drwxr-xr-x 12 sansab1 pg6644492 4096 Jul 31 18:11 ..

 
Now there is no such file in the directory.
 
Have now deleted ege directory. 

 
Print Friendly, PDF & Email

sabhlok

View more posts from this author

Leave a Reply

Your email address will not be published. Required fields are marked *