Am Mi, den 02.03.2005 schrieb Chris Strzelczyk um 23:46: > I do run Apache but not a phpBB form. Is there some hole in Apache > that I am not aware off which > allows users to run IRC? > -cs Please avoid top-posting and quoting the full previous mail. I asked for whether running phpBB because there are worms which use a weakness of this forum application. It is a trojan and establishes an irc connection. I don't know if some worm versions use bash, I heard of those using Perl. Well, you have the PID of the suspicious connections to irc server (you can connect to the listed IPs using telnet to see they are really running an ircd) and locate where they are coming from, who owns these PIDs. I would worry for these connections. Although you gave too less information to be serious about what it means. So you didn't say whether you have users on the host in question which could use specific programs. At least bash to irc servers seem very uncommon to me. Alexander -- Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773 legal statement: http://www.uni-x.org/legal.html Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.10-1.14_FC2smp Serendipity 00:02:22 up 9 days, 11:11, load average: 0.21, 0.37, 0.31
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
