[TriLUG] I've got intruders!!
Jason
jason at monsterjam.org
Mon May 15 21:10:10 EDT 2006
Are you running any PHP scripts? I've seen this happen on my box once.
There's a nasty css vulnerability in Horde and other PHP apps which can be exploited easily.
regards,
Jason
On Mon, May 15, 2006 at 09:02:24PM -0400, Neil L. Little wrote:
> I recently discovered that the web server I have been working on has
> been compromised and is relaying spam. Because it was a test server
> there is nothing really important lost but it does kinda tick me off.
>
> Of course I have taken it off the network but now I need to see how
> "they" got in, what was done, and what I did wrong.
> I'm thinking a hole in my firewall. Also, rootkit. Then what they did to
> Sendmail (that's a little further down on the list and unimportant right
> now).
> I remember that I had a problem testing my firewall because TWC has one
> up on their cable modem and it led me astray for a while thinking I
> had the telnet port open.
>
> Sooooo....
> Can anyone suggest some reading material on the subject at hand?
> My initial search came up with:
> Real World Linux Security: Intrusion Prevention, Detection and Recovery
> by Bob Toxen
> Linux Server Security by Michael D. Bauer.
>
> Is there a definitive (or just useful) book out there for someone just
> discovering that he crapped out in the security turkey shoot?
>
> Thanks in advance for the help!
>
> Neil Little, WA4AZL
> JARS Forever!! ..er TRILUG too!!
>
> Spammers = 1, Home team = 0
--
================================================
| Jason Welsh jason at monsterjam.org |
| http://monsterjam.org DSS PGP: 0x5E30CC98 |
| gpg key: http://monsterjam.org/gpg/ |
================================================