RE: Strange connection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2005-07-19 at 20:33, Tomas Larsson wrote:
> Well, disconnected now.
> Actually I'm running phpbb on the system.
> 
> Going through the logs, and seen some strange things.
> It seems that obviously someone got into this server, and made it to
> download some nasty things:
> I assume that they used phpBB to get in??

More than likely.  It is my understanding that phpBB suffers from a wide
variety of security holes and is a likely way in to a system.

> Is there any app I can use to scan my other linux-boxes (not running
> httpd) and see if they are infected, and the infected one to find out what
> happened.
> 

You can try chkrootkit and rkhunter.  Would also recommend you install
and configure tripwire.

Blocking outgoing ports is just as important as blocking incoming
ports.  :)

> And Yes I will do a complete reinstall, on reformatted disks.

-- 
Scot L. Harris
webid@xxxxxxxxxx

Your reasoning is excellent -- it's only your basic assumptions that are wrong. 


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux