Re: Question about .eml files I am finding

That would make sense. I got a D: drive that maps to /home/dom, which is why
that is the only directory infected.
----- Original Message -----
From: Matt Jezorek <matt@bluelinux.org>
To: <security-discuss@linuxsecurity.com>
Sent: Saturday, November 10, 2001 8:49 PM
Subject: Re: Question about .eml files I am finding


> These eml files are surely part of the Nimda deal due to the readme.exe
> trying to pass as a wav file. The question is what causes the ability to
> write to my server, for that matter all over my server? I got 461 .eml
> files on my machine. Now this is just a server with no squid, which is how
> they recommend fixing this. Any other way? What would cause the ability to
> write to a webserver? Or how can I find more information on this deal? This
> is disturbing. The one thing I don't want is my server going around and
> spreading this to anyone. What do I need to do till I find the cause or a
> patch: set a cron to run every minute and recurse through the directories
> and delete them every minute?
>
> Matt
> ----- Original Message -----
> From: Patrick Duane Dunston <duane@sukkha.homeip.net>
> To: <security-discuss@linuxsecurity.com>
> Sent: Saturday, November 10, 2001 9:13 PM
> Subject: Re: Question about .eml files I am finding
>
>
> > > I am finding files on my filesystem mostly where apache has access and
> > > I have no clue why they are showing up on my server nor can I find any
> > > information in my logs
> > >
> > > Here is the Directory Listing
> >
> >
> > Here are a couple of emails I found.  Does this apply to your setup?
> >
> >
> > I found this info on the web:
> >
> > http://lugwash.washtenaw.cc.mi.us/linux-users/2001-09/msg00123.html
> > http://www.mandrakeforum.com/article.php?sid=1205&lang=en
> >
> > If not then start preparing to audit your machine for a potential
> > intrusion attempt.
> >
> > http://www.cert.org/tech_tips/intruder_detection_checklist.html
> > http://www.cert.org/tech_tips/root_compromise.html
> >
> >
> > --
> > duane
> >
> >
> > --
> >
> > GnuPG Public Key:  http://sukkha.homeip.net/pgp.html
> >
> > --
> >
> > Fun reading:  8-)
> > http://linuxtoday.com/search.php3?author=Duane:Dunston
> >
> >
> >
> > ------------------------------------------------------------------------
> >      To unsubscribe email security-discuss-request@linuxsecurity.com
> >          with "unsubscribe" in the subject of the message.

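As an added example (not part of the original thread), the sketch below reports `.eml` files under a directory whose attachment has an executable filename but is declared as a media type, which is the "readme.exe trying to pass as a wav file" pattern described above. The function names, the extension and media-type lists, and the sample message are assumptions constructed for illustration; the script only reports and deletes nothing.

```python
import email
import os
from email import policy

# Assumed lists for this example; extend them to suit the site.
EXECUTABLE_EXTS = (".exe", ".com", ".scr", ".pif", ".bat")
MEDIA_PREFIXES = ("audio/", "image/", "video/")

# Constructed sample: harmless placeholder bytes, only the MIME labels matter.
SAMPLE_EML = (
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/related; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><body>placeholder</body></html>\r\n"
    b"--b1\r\n"
    b'Content-Type: audio/x-wav; name="readme.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"AAAA\r\n"
    b"--b1--\r\n"
)

def disguised_attachments(raw):
    """Return (filename, declared_type) for executable names labelled as media."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() falls back to the Content-Type "name" parameter.
        name = part.get_filename() or ""
        ctype = part.get_content_type()
        if name.lower().endswith(EXECUTABLE_EXTS) and ctype.startswith(MEDIA_PREFIXES):
            hits.append((name, ctype))
    return hits

def scan_tree(root):
    """Walk root and return {path: hits} for every .eml file that has a hit."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(".eml"):
                path = os.path.join(dirpath, fname)
                with open(path, "rb") as fh:
                    hits = disguised_attachments(fh.read())
                if hits:
                    report[path] = hits
    return report
```

Running `scan_tree("/home/dom")` against the share mentioned in the thread would list the flagged files with their mismatched labels, so they can be reviewed or quarantined rather than blindly deleted by a cron job.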