I have a weird problem: the resolv.conf file keeps getting attributes even after I remove them; they return after a few seconds:
# lsattr /etc/resolv.conf:
----i----------- /etc/resolv.conf
# chattr -i /etc/resolv.conf
# lsattr /etc/resolv.conf:
---------------- /etc/resolv.conf
After a few seconds, it returns again!! :
# lsattr /etc/resolv.conf:
----i----------- /etc/resolv.conf
Also, the /etc/resolv.conf value has been changed from my local DNS to "223.6.6.6" and a line of encrypted content like this:
# cat /etc/resolv.conf:
nameserver 223.6.6.6
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
And the resolv.conf file becomes unchangeable. I have made sure that the NIC is configured well.
Any ideas please??
Thanks in advance.
resolv.conf weird problem, its content keeps changing with encrypted content
Re: resolv.conf weird problem, its content keeps changing with encrypted content
"223.6.6.6" is an IP address that whois says belongs to Alibaba in China. They have a cloud service that anyone can rent a VM from. I would be very, very suspicious about this - I would guess that you've been hacked and there is a foreign process running that changes the contents of resolv.conf back to the attacker's DNS server so that any attempt you make to contact anywhere else is redirected to them. That process presumably then makes the resolv.conf file immutable to stop an admin from changing it.
Remove the machine from the network, boot from installation media in rescue mode (an option off the troubleshooting menu) and backup all your data then get ready to reinstall the machine from scratch. Inspect any data that you restore to the newly installed machine to make sure you are not restoring the compromise.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
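The three symptoms reported in this thread (immutable attribute, NUL bytes shown as ^@, a nameserver that is not the local one) can be checked in one pass. The script below is an added example, not part of either post; the expected resolver 192.0.2.53 is a placeholder assumption, and the sample file content is constructed from the output quoted above.

```python
import ipaddress
import subprocess
import sys

# Constructed sample modelled on the thread's output (NUL count is illustrative).
SAMPLE_DATA = b"nameserver 223.6.6.6\n" + b"\x00" * 46
SAMPLE_LSATTR = "----i----------- /etc/resolv.conf"

def parse_lsattr_flags(line):
    """Return the attribute letters set in one line of lsattr output."""
    field = line.split(None, 1)[0] if line.strip() else ""
    return {c for c in field if c != "-"}

def audit_resolv_conf(data, lsattr_line, expected_servers):
    """Return findings for raw resolv.conf bytes plus the file's lsattr line."""
    findings = []
    if "i" in parse_lsattr_flags(lsattr_line):
        findings.append("immutable attribute set")
    nul_count = data.count(b"\x00")
    if nul_count:
        findings.append(f"{nul_count} NUL bytes in file")
    expected = {ipaddress.ip_address(s) for s in expected_servers}
    # Drop NULs before parsing so padding cannot hide a directive.
    text = data.replace(b"\x00", b"").decode("ascii", "replace")
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue  # comments, search/options lines, blanks
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            findings.append(f"unparseable nameserver {fields[1]!r}")
            continue
        if addr not in expected:
            findings.append(f"unexpected nameserver {addr}")
    return findings

if __name__ == "__main__":
    # Usage: script.py [path] [expected-ip ...]; defaults are assumptions.
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/resolv.conf"
    expected = sys.argv[2:] or ["192.0.2.53"]
    with open(path, "rb") as fh:
        data = fh.read()
    out = subprocess.run(["lsattr", path], capture_output=True, text=True).stdout
    for finding in audit_resolv_conf(data, out, expected) or ["no findings"]:
        print(finding)
```

When run from the rescue environment recommended in the reply, pass the path of the file on the mounted disk instead of the default.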