[nSLUG] apache used to generate spam
D G Teed
donald.teed at gmail.com
Fri Apr 17 11:17:06 ADT 2009
On Fri, Apr 17, 2009 at 10:42 AM, Eri Ramos Bastos <bastos.eri at gmail.com>wrote:
> Have you checked for root kits?
I always consider that possibility. The tool I've used before - chkrootkit
- has not been updated in 2 years so I'm not sure how useful it is.
As I mentioned before, it came up clean with a fresh install
of that tool run in the local directory.
If the person had root, they could do something about
us having postfix shutdown. If I saw something funky
happening, like commands misbehaving, I'd certainly
shutdown the box and boot from a CDROM to investigate.
So far, it just looks like the run of the mill apache user rights stuff.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nSLUG