[H-GEN] apache2 compromised or just attempts?

Ted Percival ted at midg3t.net
Sun May 28 20:56:27 EDT 2006


You could start with the chkrootkit and rkhunter tools (available
packaged in Debian, so probably also in Ubuntu). I think the general
course of action once a machine has been rooted is to wipe it clean and
start with a fresh install from trusted media, though.

Other things you can do include setting up iptables rules to block
outgoing connections to common IRCD ports (6667/tcp, for instance) or
disconnecting the machine from all networks.

Just remember your kernel and iptables binaries could be rooted, too.
The only safe action is to reinstall the machine from scratch. Don't
forget to use different passwords for your accounts.

IANASP ;) [ SP = Security Professional ]

-Ted

Troy Piggins wrote:
> I've since found out that it's a Horde 3 vulnerability - well that's the likely
> candidate at the moment.
> 
> I've uninstalled it, but how do I stop those IRC servers?
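
The egress block suggested in the reply above, as an added example that is not part of the original message: it generates iptables rules that log and then reject outbound connections to IRC ports, either on the host itself (OUTPUT) or on a separate gateway in front of it (FORWARD), which matters because rules on a rooted host cannot be trusted. The function names, the log prefix, and every port other than 6667/tcp are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message): build iptables rules that
# log, then reject, outbound TCP connections to common IRC daemon ports.

# 6667/tcp is the port named in the message; the rest of the range and 7000
# are an assumption about other commonly used IRC ports.
IRC_PORTS="6660:6669,7000"

# irc_egress_rules CHAIN [SOURCE_IP]
#   OUTPUT            rules for the suspect host itself
#   FORWARD SOURCE_IP rules for a separate gateway in front of that host
irc_egress_rules() {
    chain=$1
    src=${2:-}
    case $chain in
        OUTPUT|FORWARD) ;;
        *) echo "chain must be OUTPUT or FORWARD" >&2; return 2 ;;
    esac
    case $src in
        *[!0-9./]*) echo "source must be an IPv4 address or CIDR" >&2; return 2 ;;
    esac
    if [ "$chain" = FORWARD ] && [ -z "$src" ]; then
        echo "FORWARD needs the suspect host's address" >&2; return 2
    fi
    match="-p tcp -m multiport --dports $IRC_PORTS"
    if [ -n "$src" ]; then match="-s $src $match"; fi
    # LOG goes in at position 1 and REJECT at 2, so each attempt is recorded
    # in the kernel log before it is refused.
    printf '%s\n' "iptables -I $chain 1 $match -j LOG --log-prefix IRC-EGRESS:"
    printf '%s\n' "iptables -I $chain 2 $match -j REJECT --reject-with tcp-reset"
}

# apply_rules CHAIN [SOURCE_IP]: print the commands; with APPLY=1 (as root) run them.
apply_rules() {
    rules=$(irc_egress_rules "$@") || return
    printf '%s\n' "$rules" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else printf '%s\n' "$cmd"; fi
    done
}
```

Calling `apply_rules OUTPUT` prints the two commands for review; matches then show up in the kernel log with the `IRC-EGRESS:` prefix.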