[Centos] Think someone has got into my server...




WipeOut wrote:
> I have just run chkrootkit on my server and have the following two 
> suspicious entries..
> 
> Searching for suspicious files and dirs, it may take a while...
> /usr/lib/perl5/5.8.0/i386-linux-thread-multi/.packlist

There should be only a list of perl packages in that file. You can check
it very easily.

> and further down..
> 
> Checking `bindshell'... INFECTED (PORTS:  465)
> 
> Anyone have any advice for getting rid of it??

Find out which program listens on that port - and if you need it. 465
is smtps (SMTP over SSL).

You can do so with netstat, lsof or fuser.

chkrootkit can only give you hints - you have to check for yourself
whether it is assuming correctly or fooling you.

Ralph
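
The check suggested in the reply above, as an added example that is not part of the original message: map the port chkrootkit flagged to the owning process, then ask RPM which package owns that binary and whether it still verifies. The sample `netstat -tlnp` output and the names `listener_for_port` and `triage_port` are constructed for illustration.

```bash
#!/bin/sh
# Constructed sample of `netstat -tlnp` output (not taken from the poster's server).
# Here Postfix's "master" process is the smtps listener on 465.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN  1812/sshd
tcp        0      0 0.0.0.0:465     0.0.0.0:*       LISTEN  2107/master
tcp        0      0 127.0.0.1:4650  0.0.0.0:*       LISTEN  2330/example'

# listener_for_port PORT
# Reads `netstat -tlnp` output on stdin and prints "PID PROGRAM" for every TCP
# listener bound to exactly PORT (so 4650 does not match 465).
listener_for_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, addr, ":")      # port is the last ":" field (IPv6 too)
            if (addr[n] != port) next
            if ($7 == "-") {              # owner not visible: rerun as root
                print "-", "-"
            } else {
                split($7, owner, "/")
                print owner[1], owner[2]
            }
        }'
}

# triage_port PORT (hypothetical helper; run as root on the live system)
# Resolves each listener to its executable and checks it against the RPM database.
triage_port() {
    netstat -tlnp 2>/dev/null | listener_for_port "$1" |
    while read -r pid prog; do
        [ "$pid" = "-" ] && { echo "port $1: owner hidden, rerun as root"; continue; }
        exe=$(readlink "/proc/$pid/exe")
        echo "port $1: pid=$pid prog=$prog exe=$exe"
        pkg=$(rpm -qf "$exe") || { echo "  $exe is not owned by any package"; continue; }
        echo "  owned by $pkg"
        rpm -V "$pkg" || echo "  rpm -V reports modified files in $pkg"
    done
}

# Demonstration on the constructed sample: prints "2107 master"
printf '%s\n' "$SAMPLE_NETSTAT" | listener_for_port 465
```

A mail server binary that is owned by its package and passes `rpm -V` points to a legitimate smtps listener. Output from `netstat` and `rpm` on a host that may be compromised is only as trustworthy as those binaries.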
