[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Server hacked - next...?

Hi Daniel,

Yeap, I follow Bugtraq... too bad Debian came out with the "official"
kernel ages after it was revealed.

Actually running 2.4.21 now... but it certainly is possible that during
the gap between when we were running 2.4.17/18 to when we upraded to
2.4.21, someone got in.

Actually, from what I can tell now, someone APPEARS to have got in through
a user's vulnerable script... i think phpBB or one of those, and then
obtained remote access that way, then maybe run those rootkits and

I am thinking it might have been related to the ptrace bug because i saw a
weird "modprobe" entry there, but then again.... many rootkits fool around
with modprobe???


----- Original Message ----- 
From: "Daniel K. Gebhart" <dkg@con-fuse.org>
To: <debian-isp@lists.debian.org>
Sent: Sunday, 29 June, 2003 6:29 PM
Subject: Re: Server hacked - next...?

Reply to: