Re: Security Breach ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Mi, den 02.03.2005 schrieb Chris Strzelczyk um 23:46:

> I do run Apache but not a phpBB form.  Is there some hole in Apache 
> that I am not aware off which
> allows users to run IRC?

> -cs

Please avoid top-posting and quoting the full previous mail.

I asked for whether running phpBB because there are worms which use a
weakness of this forum application. It is a trojan and establishes an
irc connection. I don't know if some worm versions use bash, I heard of
those using Perl.
Well, you have the PID of the suspicious connections to irc server (you
can connect to the listed IPs using telnet to see they are really
running an ircd) and locate where they are coming from, who owns these
PIDs. I would worry for these connections. Although you gave too less
information to be serious about what it means. So you didn't say whether
you have users on the host in question which could use specific
programs. At least bash to irc servers seem very uncommon to me.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.10-1.14_FC2smp 
Serendipity 00:02:22 up 9 days, 11:11, load average: 0.21, 0.37, 0.31 

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux