Uselib24/bindz - owned!




Nick wrote:
> Rick Philbrick wrote:
>> Hi,
>>
>> Well that's telling.  So do you have chkrootkit installed?  Although
>> you know you've got to have a root-kit on there. Anyway, it may help
>> narrow your search of the directories and the changes within.
>>
>> -rickp
>>
> 
> Well I quarantined the files and then ran rkhunter and chkrootkit and 
> both came back ok. Not going to risk not starting over on the box but if 
> I can't tell how they got in then I'm not stopping it happening again. 
> It could of course have something to do with one of the webapps the box 
> runs (forum software)...
> 
> Also I found my iptables script wasn't blocking port 80 and port 21 
> outbound.... schoolboy error.
> 

Hi -

I'm guessing that this happened by an overly friendly webapp, since the 
processes are in fact running under the 'apache' username.  I think that 
if I were doing this - and I had a clue - I'd run this application under 
a less conspicuous username.

You probably knew that.  Couldn't hurt to throw that out, eh?

Thanks
-dant
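
Added example (not part of the original thread): a way to triage the observation above, that the stray processes run under the 'apache' username, by flagging anything owned by the web-server account that is not an expected web-server binary. The allowlist, the function names and the sample process table are assumptions constructed for illustration; the sample borrows its process names from the thread subject.

```shell
#!/bin/sh
# Flag processes owned by the web-server account whose command name is not
# on an allowlist. A process such as a shell or a listener running as the
# web user usually means a web application executed something on request.

WEB_USER="apache"                    # account named in the thread
ALLOWED="httpd php-cgi rotatelogs"   # assumption: adjust to what the host runs

# Reads "USER PID COMM" lines on stdin (the format of
# `ps -eo user=,pid=,comm=`) and prints "PID COMM" for each process that is
# owned by WEB_USER but is not in ALLOWED. Only the first word of COMM is used.
flag_unexpected() {
    awk -v user="$WEB_USER" -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == user && !($3 in ok) { print $2, $3 }
    '
}

# Constructed sample process table (not captured from a real host).
sample_ps() {
    cat <<'EOF'
root 1 init
root 2101 httpd
apache 2110 httpd
apache 2111 httpd
apache 8842 bindz
apache 8850 uselib24
nick 9001 bash
EOF
}

# Demo on the constructed sample; on a live host run instead:
#   ps -eo user=,pid=,comm= | flag_unexpected
sample_ps | flag_unexpected
```

For each PID reported, `ls -l /proc/PID/exe /proc/PID/cwd` shows where the binary lives and which directory it was started from, which helps tie it back to a specific web application.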
