Ralph Angenendt wrote: >WipeOut wrote: > > >>I have just run chkrootkit on my server and have the following two >>suspicious entries.. >> >>Searching for suspicious files and dirs, it may take a while... >>/usr/lib/perl5/5.8.0/i386-linux-thread-multi/.packlist >> >> > >There should be only a list of perl packages in that file. You can check >it very easily. > > > >>and further down.. >> >>Checking `bindshell'... INFECTED (PORTS: 465) >> >>Anyone have any advice for getting rid of it?? >> >> > >Find out which program listens on that port - and if you need it. 465 >is smtps (SMTP over SSL). > >You can do so with netstat, lsof or fuser. > >chkrootkit can only give you hints - you have to look for yourself, if >it is assuming correctly or fooling you. > >Ralph > > Thanks Ralph.. I am looking into it now..
[Centos] Think someone has got into my server...
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: [Centos] Think someone has got into my server...
- From: wipe_out at users.sourceforge.net (WipeOut)
- Date: Tue Jan 11 11:00:19 2005
- In-reply-to: <20050111105811.GN4294@xxxxxxxxxxxx>
- References: <41E3A82B.1000808@xxxxxxxxxxxxxxxxxxxxx> <20050111105811.GN4294@xxxxxxxxxxxx>
- Follow-Ups:
- [Centos] Think someone has got into my server...
- From: Beau Henderson
- [Centos] Think someone has got into my server...
- References:
- [Centos] Think someone has got into my server...
- From: WipeOut
- [Centos] Think someone has got into my server...
- From: Ralph Angenendt
- [Centos] Think someone has got into my server...
- Prev by Date: [Centos] Think someone has got into my server...
- Next by Date: [Centos] an RPM conundrum
- Previous by thread: [Centos] Think someone has got into my server...
- Next by thread: [Centos] Think someone has got into my server...
- Index(es):
 |