Using some packaged distro (as fedora) is pretty easy rpm -VVV on each package, and reinstall the affected ones (supossing that you have some binary replaced) The eggdrop.. you can wipe it out of the disk Eben Goodman wrote: > I actually know which user it got through on, it came in through an > insecure php nuke application. I have since removed the nuke app, but > the damage appears to be done, since this eggdrop crap is still running > on the server. Is there a way to find, and remove the software once it > has found it's way on? > > thanks, > Eben > > Dan Mahoney, System Admin wrote: > >> On Mon, 6 Jun 2005, Eben Goodman wrote: >> >> If you're doing multi-hosting, look into suexec. the fact that it >> runs CGI's as the user is kinda secondary to the fact that it shows >> you WHICH user uploaded the insecure script. >> >> For PHP scripts, I've had good luck running suPHP (which is not an >> official apache project, but something similar really should be). >> >> -Dan >> >> >>> I recently had an irc exploit on my server running this eggdrop relay >>> thing via apache. I was able to find the offending files and remove >>> them and the eggdrop processes went away for awhile, but now they are >>> back and try as I might I can't find any files that correspond to >>> this software. When viewing top it shows the eggdrop processes >>> running as apache. If I don't reboot the server for a couple days >>> the eggdrop apache processes start sucking up all cpu and gobbling >>> bandwidth. >>> >>> Has anyone else dealt with this? >>> >>> thanks, >>> Eben >>> >>> --------------------------------------------------------------------- >>> The official User-To-User support forum of the Apache HTTP Server >>> Project. >>> See <URL:http://httpd.apache.org/userslist.html> for more info. >>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>> >> >> -- >> >> Amerikanskaya firma Transceptor Technology pristupila k poizvodstu >> komputerov "Personal'ni Sputnik" >> >> --Snap, "The Power" >> >> --------Dan Mahoney-------- >> Techie, Sysadmin, WebGeek >> Gushi on efnet/undernet IRC >> ICQ: 13735144 AIM: LarpGM >> Site: http://www.gushi.org >> --------------------------- >> >> >> --------------------------------------------------------------------- >> The official User-To-User support forum of the Apache HTTP Server >> Project. >> See <URL:http://httpd.apache.org/userslist.html> for more info. >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> >> > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx