Sanjeev Sabhlok's notes on technology, hardware, gardening

A hacker implanted “link” directory ege. How to get rid of symbolic link.

The ege directory showed up as a problem during scan by Anti-Malware from GOTMLS.NET.
I went into shell and checked. The files aren't reading but the effectively are redirects. I've not come across such stuff. These redirects aren't visible on FTP.
drwxr-xr-x  2 sansab1 pg6644492   44 Jul 31 13:25 .
drwxr-xr-x 12 sansab1 pg6644492 4096 Jul 31 17:12 ..
lrwxrwxrwx  1 sansab1 pg6644492    6 Apr 13  2014 2.txt -> /home/
lrwxrwxrwx  1 sansab1 pg6644492   54 Apr 13  2014 ege.txt -> /home/nsdc/pubclic_html/
These are symbolic links.


I've managed to unlink the files:

[tiller]$ unlink 2.txt
[tiller]$ unlink ege.txt
[tiller]$ ls -al
total 8
drwxr-xr-x  2 sansab1 pg6644492   10 Jul 31 18:45 .
drwxr-xr-x 12 sansab1 pg6644492 4096 Jul 31 18:11 ..

Now there is no such file in the directory.
Have now deleted ege directory. 



View more posts from this author

Leave a Reply

Your email address will not be published. Required fields are marked *