[nSLUG] apache used to generate spam

D G Teed donald.teed at gmail.com
Fri Apr 17 11:17:06 ADT 2009


On Fri, Apr 17, 2009 at 10:42 AM, Eri Ramos Bastos <bastos.eri at gmail.com>wrote:

>
> Have you checked for root kits?
>
>
I always consider that possibility.  The tool I've used before - chkrootkit
- has not been updated in 2 years so I'm not sure how useful it is.
As I mentioned before, it came up clean with a fresh install
of that tool run in the local directory.

If the person had root, they could do something about
us having postfix shutdown.   If I saw something funky
happening, like commands misbehaving, I'd certainly
shutdown the box and boot from a CDROM to investigate.
So far, it just looks like the run of the mill apache user rights stuff.

--Donald
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nslug.ns.ca/mailman/private/nslug/attachments/20090417/cfd73271/attachment.html>


More information about the nSLUG mailing list