Re: Security Breach ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Subject: Re: Security Breach ?
From: Dave Jones <davej@xxxxxxxxxx>
Date: Wed, 2 Mar 2005 18:27:51 -0500
In-reply-to: <[email protected]>
List-archive: <https://www.redhat.com/archives/fedora-list>
List-help: <mailto:[email protected]?subject=help>
List-id: For users of Fedora Core releases <fedora-list.redhat.com>
List-post: <mailto:[email protected]>
List-subscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=unsubscribe>
References: <[email protected]> <[email protected]> <[email protected]>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
User-agent: Mutt/1.4.1i

On Wed, Mar 02, 2005 at 06:12:05PM -0500, Chris Strzelczyk wrote:
 >        if ($args =~ /^\001VERSION\001$/) {
 >          notice("$pn", "\001VERSION rootworm-$VERSAO in perl \001");

Oh dear. Seems to connect to undernet irc, and wait for commands
botnet-style by the looks of things (caveat: my perl-fu is weak).

What public facing scripts were you running on that server?
You've already ruled out phpBB, but anything else ?

If you haven't done so already, I'd kill that process, take
the box offline for forensic purposes, and don't put it back online
until it's been reinstalled.

		Dave

References:
- Security Breach ?
  - From: Chris Strzelczyk
- Re: Security Breach ?
  - From: Alexander Dalloz
- Re: Security Breach ?
  - From: Chris Strzelczyk

Prev by Date: Re: Security Breach ?
Next by Date: Re: Security Breach ?
Previous by thread: Re: Security Breach ?
Next by thread: Re: Security Breach ?
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]