On Tue, 2005-07-19 at 20:33, Tomas Larsson wrote: > Well, disconnected now. > Actually I'm running phpbb on the system. > > Going through the logs, and seen some strange things. > It seems that obviously someone got into this server, and made it to > download some nasty things: > I assume that they used phpBB to get in?? More than likely. It is my understanding that phpBB suffers from a wide variety of security holes and is a likely way in to a system. > Is there any app I can use to scan my other linux-boxes (not running > httpd) and see if they are infected, and the infected one to find out what > happened. > You can try chkrootkit and rkhunter. Would also recommend you install and configure tripwire. Blocking outgoing ports is just as important as blocking incoming ports. :) > And Yes I will do a complete reinstall, on reformatted disks. -- Scot L. Harris webid@xxxxxxxxxx Your reasoning is excellent -- it's only your basic assumptions that are wrong.