CodeHeads wrote: > If I completely redid "both" machines how can I have a root kit??? *Exactly* the same way you had one before. You had a vulnerability before, through which an attacker broke in and installed a root kit. If you then installed the same software from scratch, obviously you will have reinstalled the vulnerability. The attacker can then use exactly the same exploit to get in. As for "how it happened" so quickly, remember that the attacker knows that there has been a history of vulnerable computers at that IP address [1] -- so it's worth trying the same tricks (and related tricks) again. It wouldn't be that difficult to write a "control program" that checked to see which computers it "0wnz", and which of them are on-line. If a computer goes off-line, it could keep an eye on that IP address or DNS name (and possibly nearby ones) to see if a "cleaned" computer came back on-line -- in which case, it would want to re-install the rootkit before the legitimate administrator could install a fix. You *really* need to rethink your software. yum update won't help for this -- you will need to change to a more secure package, if there aren't any fixed versions. James. [1] If I remember right, we think the vulnerability was in a web server-side script. That sort of implies a website, DNS resolution, and probably fixed IP addresses. -- E-mail address: james | Examiner: How does an AC motor start? @westexe.demon.co.uk | Student: vrrrrrrrrrrRrRRRRRRR... | Examiner: Stop! Stop! | Student: RRRRRRRmmmmm. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list