[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Strange connection

Well, disconnected now.
Actually I'm running phpbb on the system.

Going through the logs, and seen some strange things.
It seems that obviously someone got into this server, and made it to
download some nasty things:
I assume that they used phpBB to get in??

gulie.tgz, this one is clearly a virys, symantec calls it "Linux.RST.B"

The others is


Haven't got a clue what it is, but I don't think they are nice.

Now, the big question is, will they affect other boxes on the network as
well. I assume that the XP-Boxes should be alright.

Is there any app I can use to scan my other linux-boxes (not running
httpd) and see if they are infected, and the infected one to find out what

And Yes I will do a complete reinstall, on reformatted disks.

With best regards

Tomas Larsson

Verus Amicus Est Tamquam Alter Idem

> -----Original Message-----
> From: fedora-list-bounces redhat com
> [mailto:fedora-list-bounces redhat com] On Behalf Of Scot L. Harris
> Sent: Wednesday, July 20, 2005 1:58 AM
> To: Fedora List
> Subject: Re: Strange connection
> On Tue, 2005-07-19 at 19:29, Tomas Larsson wrote:
> > Doing a netstat on my server, I find a strange connection.
> >
> > It's a crond-job with Apache as owner, and it seems to go to an
> > irc-server, called, "carouge.ch.eu.undernet.org",
> > anyone that knows what this is??
> Sounds like you need to disconnect this system from the
> Internet immediately and do a bare metal install.
> Don't try to take any half measures. Review the packages you
> have installed to figure out how they got in to start with.
> Running phpbb, awstat, or postnuke by chance?
> --
> Scot L. Harris
> webid cfl rr com
> Yes, but every time I try to see things your way, I get a headache.
> --
> fedora-list mailing list
> fedora-list redhat com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]