************************************************
AUDIT : odysseet (Sun Nov 11 11:31:15 CST 2012)
************************************************

Downloading latest pattern set.. (171 patterns to search for)
Downloading latest versions set..

public_html/ permissions (0750) okay

Applications installed
----------------------
(* Most recent stable release)

Joomla CMS 1.0.15 (*2.5.8/3.0.2/(???)) => /home2/odysseet/public_html/presse

Malicious files
---------------
[Minimum required score: 5.0]
Loading modules, please wait..

(Tue Oct 16 18:22:54 2007 : 0644) /home2/odysseet/public_html/wiki/ctracker.php [15.7] {ETC_SHADOW,HTPASSWD,ETC_PASSWD,BASH_HISTORY,}
(Sat Feb 2 10:26:54 2008 : 0644) /home2/odysseet/public_html/counter/ctracker.php [15.7] {ETC_SHADOW,HTPASSWD,ETC_PASSWD,BASH_HISTORY,}
(Tue Oct 16 08:21:38 2007 : 0644) /home2/odysseet/public_html/print/ctracker.php [15.7] {ETC_SHADOW,HTPASSWD,ETC_PASSWD,BASH_HISTORY,}
(Sat Feb 2 10:25:07 2008 : 0644) /home2/odysseet/public_html/forum/ctracker.php [15.7] {ETC_SHADOW,HTPASSWD,ETC_PASSWD,BASH_HISTORY,}
(Mon Oct 6 16:35:01 2008 : 0644) /home2/odysseet/public_html/stat/ctracker.php [15.7] {ETC_SHADOW,HTPASSWD,ETC_PASSWD,BASH_HISTORY,}
(Wed Oct 17 17:17:31 2007 : 0644) /home2/odysseet/public_html/interaktiv/ctracker.php [15.7] {ETC_SHADOW,HTPASSWD,ETC_PASSWD,BASH_HISTORY,}
(Sat Feb 2 10:24:21 2008 : 0644) /home2/odysseet/public_html/ctracker.php [15.7] {ETC_SHADOW,HTPASSWD,ETC_PASSWD,BASH_HISTORY,}
(Wed Mar 3 18:51:26 2010 : 0644) /home2/odysseet/public_html/ftp/theosophie/Geheimlehre_II/153.htm [16.0] {Backdoor,}
(Tue Sep 18 18:27:37 2012 : 0644) /home2/odysseet/public_html/ftp/index1.php [15.3] {ETC_SHADOW,HTPASSWD,ETC_PASSWD,BASH_HISTORY,}
(Tue Sep 18 18:29:25 2012 : 0644) /home2/odysseet/public_html/ftp/index0.php [15.4] {ETC_SHADOW,HTPASSWD,ETC_PASSWD,BASH_HISTORY,}
(Tue Sep 18 18:30:41 2012 : 0644) /home2/odysseet/public_html/ftp/index3.php [15.2] {ETC_SHADOW,HTPASSWD,ETC_PASSWD,BASH_HISTORY,}
(Tue Sep 18 18:30:04 2012 : 0644) /home2/odysseet/public_html/ftp/index2.php [15.2] {ETC_SHADOW,HTPASSWD,ETC_PASSWD,BASH_HISTORY,}
(Thu Mar 4 03:32:47 2010 : 0644) /home2/odysseet/public_html/ftp/index.php [15.3] {ETC_SHADOW,HTPASSWD,ETC_PASSWD,BASH_HISTORY,}
(Wed Feb 24 16:31:32 2010 : 0644) /home2/odysseet/public_html/ftp/_private/ctracker.php [15.7] {ETC_SHADOW,HTPASSWD,ETC_PASSWD,BASH_HISTORY,}
(Tue Oct 16 03:01:31 2007 : 0644) /home2/odysseet/public_html/schauspieler/ctracker.php [15.7] {ETC_SHADOW,HTPASSWD,ETC_PASSWD,BASH_HISTORY,}
(Tue Oct 16 02:41:09 2007 : 0644) /home2/odysseet/public_html/info/ctracker.php [15.7] {ETC_SHADOW,HTPASSWD,ETC_PASSWD,BASH_HISTORY,}
(Tue Oct 16 08:00:46 2007 : 0644) /home2/odysseet/public_html/tickets/ctracker.php [15.7] {ETC_SHADOW,HTPASSWD,ETC_PASSWD,BASH_HISTORY,}
(Thu Oct 18 16:36:10 2007 : 0644) /home2/odysseet/public_html/download/ctracker.php [15.7] {ETC_SHADOW,HTPASSWD,ETC_PASSWD,BASH_HISTORY,}

FTP logins
----------
SOURCE         DATES
-------------- -----
74.52.61.194   Nov 11 (huckleberry.site5.com)
188.22.165.11  Nov 6 (188-22-165-11.adsl.highway.telekom.at)

ControlPanel logins
-------------------
SOURCE          DATES
--------------- -----
188.22.162.125  10/27/2012 (188-22-162-125.adsl.highway.telekom.at)
188.22.162.102  11/02/2012 (188-22-162-102.adsl.highway.telekom.at)
188.22.160.0    10/29/2012 (188-22-160-0.adsl.highway.telekom.at)
188.22.163.79   10/26/2012 (188-22-163-79.adsl.highway.telekom.at)
188.22.167.184  11/04/2012 (188-22-167-184.adsl.highway.telekom.at)
188.22.164.26   11/05/2012 (188-22-164-26.adsl.highway.telekom.at)
188.22.160.43   10/31/2012 (188-22-160-43.adsl.highway.telekom.at)
188.22.165.213  11/03/2012 (188-22-165-213.adsl.highway.telekom.at)
188.22.166.234  11/07/2012 (188-22-166-234.adsl.highway.telekom.at)
188.22.165.82   11/09/2012 (188-22-165-82.adsl.highway.telekom.at)
188.22.165.11   11/06/2012 (188-22-165-11.adsl.highway.telekom.at)
188.22.162.160  10/28/2012 (188-22-162-160.adsl.highway.telekom.at)
188.22.167.132  10/30/2012 (188-22-167-132.adsl.highway.telekom.at)
188.22.165.157  11/01/2012 (188-22-165-157.adsl.highway.telekom.at)
188.22.167.97   10/25/2012 (188-22-167-97.adsl.highway.telekom.at)
BACKSTAGE       11/10/2012,11/11/2012
188.22.166.50   11/08/2012 (188-22-166-50.adsl.highway.telekom.at)
188.22.165.190  11/11/2012 (188-22-165-190.adsl.highway.telekom.at)
188.22.160.135  11/10/2012 (188-22-160-135.adsl.highway.telekom.at)

Files modified/uploaded in last 24hrs
-------------------------------------
/home2/odysseet/public_html/wiki/images/thumb/6/65/Cloud-machine-sabbatini.jpg/200px-Cloud-machine-sabbatini.jpg
/home2/odysseet/public_html/wiki/images/thumb/3/3e/Mozart_magic_flute.jpg/250px-Mozart_magic_flute.jpg
/home2/odysseet/public_html/wiki/images/thumb/9/93/Stundenbuch.jpg/230px-Stundenbuch.jpg
/home2/odysseet/public_html/wiki/images/thumb/a/a9/Stadttheater-Bi.JPG/90px-Stadttheater-Bi.JPG
/home2/odysseet/public_html/wiki/images/thumb/a/a9/Stadttheater-Bi.JPG/450px-Stadttheater-Bi.JPG
/home2/odysseet/public_html/concrete5/files/cache/zend_cache---internal-metadatas---388d4fbc05d7481388a11cecb4ec4669e33e5708d64aa34c58ae8ec01df82457
/home2/odysseet/public_html/concrete5/files/cache/zend_cache---388d4fbc05d7481388a11cecb4ec4669e8ba180372b5b77d5b9164ef36f3ea2e
/home2/odysseet/public_html/concrete5/files/cache/zend_cache---388d4fbc05d7481388a11cecb4ec4669e33e5708d64aa34c58ae8ec01df82457
/home2/odysseet/public_html/concrete5/files/cache/zend_cache---internal-metadatas---388d4fbc05d7481388a11cecb4ec4669e8ba180372b5b77d5b9164ef36f3ea2e
/home2/odysseet/public_html/concrete5/files/cache/zend_cache---internal-metadatas---388d4fbc05d7481388a11cecb4ec4669cf1370f943c1bb729a0f01da31af3ab9
/home2/odysseet/public_html/concrete5/files/cache/zend_cache---388d4fbc05d7481388a11cecb4ec4669cf1370f943c1bb729a0f01da31af3ab9
/home2/odysseet/public_html/concrete5/files/tmp/sess_d53b2a94e8f6cef9522b69a542a6878c
/home2/odysseet/public_html/concrete5/files/tmp/sess_d3209922fea46aa6cfff285b3d01cfcf

Currently running processes under audited user
----------------------------------------------
odysseet 13261 0.0 0.0 28468 3720 ? S Nov10 0:03 \_ imap
odysseet 13951 0.0 0.0 75232 3376 ? S Nov10 0:04 \_ imap
odysseet 14094 0.0 0.0 82780 3716 ? S Nov10 0:03 \_ imap
odysseet 16685 0.0 0.0 23200 3536 ? S Nov10 0:02 \_ imap
odysseet 63116 0.0 0.0 80728 2380 ? S 09:42 0:00 \_ imap
odysseet 13232 0.0 0.0 58368 3032 ? S 10:07 0:00 \_ imap
odysseet 18996 0.0 0.0 78436 2024 ? S 10:17 0:00 \_ imap
odysseet 30879 0.0 0.0 39180 2124 ? S 10:37 0:00 \_ imap
odysseet 31683 0.0 0.0 33352 3040 ? S 10:39 0:00 \_ imap
odysseet 62716 0.0 0.0 38232 3332 ? S 11:21 0:00 \_ imap
odysseet 35149 0.0 0.0 61992 2280 ? S 13:31 0:00 \_ imap
odysseet 50314 0.0 0.0 53992 2236 ? S 13:53 0:00 \_ imap
odysseet 64293 0.0 0.0 41840 2500 ? S 14:09 0:00 \_ imap
odysseet 14063 0.0 0.0 49372 2324 ? S 14:57 0:00 \_ imap