Re: Security Breach ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Mar 02, 2005 at 06:12:05PM -0500, Chris Strzelczyk wrote:
 >        if ($args =~ /^\001VERSION\001$/) {
 >          notice("$pn", "\001VERSION rootworm-$VERSAO in perl \001");

Oh dear. Seems to connect to undernet irc, and wait for commands
botnet-style by the looks of things (caveat: my perl-fu is weak).

What public facing scripts were you running on that server?
You've already ruled out phpBB, but anything else ?

If you haven't done so already, I'd kill that process, take
the box offline for forensic purposes, and don't put it back online
until it's been reinstalled.

		Dave


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux