Steve Buehler wrote:
> My firewalls don't allow ssh access from other than my address and only
> with a public/private key pair.

I take it you were exploited via a PHP application of some kind?
Which RH version is this?

If you are using RHEL4 (or Fedora Core >= 4) I would recommend enabling SELinux, particularly if you are dallying with the security sieve that PHP appears to be...

> Any help would be appreciated since this person is going to get me
> blocked because of them trying to fish for ebay and paypal
> logins/passwords.

You can no longer trust this system at all. Absolutely any of the existing binaries could have been replaced by trojans.

Do you have physical access? Boot into a rescue environment, run your rootkit checks from there.

But IMHO you probably need to reinstall.
- back up and check your webcontent and scripts (prolly config files too).

Then reinstall the system and lock it down as tightly as possible.
(ie, iptables, tcp_wrappers, SELinux, Apache access controls...)

Checking which rootkit (if any) was installed is basically an academic issue at this point. Removing them is not guaranteed to work.

Regards
Stuart
-- 
Stuart Sears RHCA RHCSS RHCX ASAP PDQ STFU
There is no time like the present for postponing what you ought to be doing.
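Added example (not part of the message above): one way to triage `rpm -Va` output when the installed system is checked from a rescue environment, as the reply suggests. The sample lines are constructed, the function names are hypothetical, and `/mnt/sysimage` in the comment is an assumption about where the rescue environment mounts the installed system.

```shell
#!/bin/sh
# Triage `rpm -Va` output. Flag column: S size, M mode, 5 digest, D device,
# L symlink, U user, G group, T mtime, P capabilities. An optional one-letter
# marker follows it (c config, d doc, g ghost, l license, r readme).
# Assumed real use from rescue mode:
#   rpm -Va --root /mnt/sysimage | triage_rpm_verify
triage_rpm_verify() {
    awk '
        # Files the package database expects but that are gone.
        $1 == "missing" { print "MISSING " $NF; next }
        # Skip anything that is not a verify flag string (warnings, errors).
        $1 !~ /^[.?SM5DLUGTP]+$/ { next }
        {
            flags = $1
            marker = (NF >= 3) ? $2 : ""
            # Edited config, doc and ghost files are normal on a live system.
            if (marker == "c" || marker == "d" || marker == "g") next
            reason = ""
            if (index(flags, "5")) reason = reason "DIGEST,"
            if (index(flags, "M")) reason = reason "MODE,"
            if (index(flags, "U") || index(flags, "G")) reason = reason "OWNER,"
            # Size or mtime changes alone are not reported.
            if (reason != "") { sub(/,$/, "", reason); print reason " " $NF }
        }
    '
}

# Constructed sample of verify output (not taken from a real host).
sample_rpm_verify() {
    cat <<'EOF'
S.5....T.  c /etc/httpd/conf/httpd.conf
S.5....T.    /bin/ls
.M...U...    /usr/bin/passwd
.......T.    /usr/share/zoneinfo/UTC
missing     /usr/sbin/lsof
EOF
}

sample_rpm_verify | triage_rpm_verify
```

The RPM database being read sits on the same compromised disk, so an empty report does not clear the system. Paths containing spaces are reported by their last word only.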