On Monday 11 April 2005 07:24, Chris Kenward wrote:
> Hi Folks
>
> Not sure whether this is the right spot for this. If not could
> someone please suggest where to take it to?
>
> I've just discovered a file called "blackhole" in the /tmp
> directory on one of my Redhat ES servers, which is completely up
> to date so a bit gobsmacked that this could happen.
>
> Could some kind soul tell me how to get rid of it along with any
> listening devices which may have been installed, and how to
> protect from it again?
>
> The machine is a web server and is therefore available via port
> 80. I also allow customers to FTP into the server using vsftpd
> which I thought was pretty secure. Not sure if either of these
> could be the culprit this time...
>

Perhaps this will help to identify the file:

http://www.packetstormsecurity.org/0209-exploits/free-apache.txt
http://mx.mcafee.com/virusInfo/default.asp?id=description&virus_k=100670

If your machine has been compromised, the best thing to do is to
format and re-install, taking care not to open the same security
hole that allowed the first compromise.

Regards, Mike Klinke