Re: rlx blade server attacked
Michael Renzmann wrote:
| Hi all.
| The rlx blade server rack (better: the management blade) where my own
| server is located has been attacked. I phoned my ISP some minutes
| ago, and he described that there was a huge packet storm fired from the
| internet towards the management blade.
| He described that there were (and still are) lots of UDP packets for
| port 2002, and on the management blade there are a lot of processes with
| the name "bugtraq" running. I will drive down there now to have a closer
| look at this stuff. Has anyone an initial idea what this could be? Maybe
| that helps for getting the server back online faster.
| As soon as I have more information about it I will post it here.
The Apache worm you're infected with was posted on bugtraq earlier
today. It exploits mod_ssl and can be identified by doing a ps -ax |
grep bugtraq (it runs as the name .bugtraq). The source for it is here:
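A triage check built on the two indicators mentioned in this thread (processes named bugtraq/.bugtraq and UDP port 2002), as an added example that is not part of the original messages. The function names and sample listings are constructed for illustration, and it assumes the suspect process also holds a local UDP socket on port 2002.

```shell
#!/bin/sh
# Added example: host triage for the indicators named in the thread.
# Function names are hypothetical; sample listings are constructed.

# Reads "PID ARGS..." lines (as from `ps -axo pid=,args=`) on stdin and
# prints PIDs whose argv[0] basename is exactly "bugtraq" or ".bugtraq".
# Exact matching avoids hits on the grep itself or on unrelated names.
find_worm_procs() {
    awk '{ n = split($2, p, "/"); name = p[n]
           if (name == ".bugtraq" || name == "bugtraq") print $1 }'
}

# Reads `netstat -uln` style lines on stdin and prints local addresses
# of UDP sockets whose port is exactly 2002 (IPv4 or IPv6 notation).
find_udp_2002() {
    awk '$1 ~ /^udp/ { n = split($4, a, ":")
                       if (a[n] == "2002") print $4 }'
}

# $1 = process listing, $2 = socket listing. Prints a one-line verdict
# and returns 1 when either indicator is present.
triage() {
    procs=$(printf '%s\n' "$1" | find_worm_procs | tr '\n' ' ')
    socks=$(printf '%s\n' "$2" | find_udp_2002 | tr '\n' ' ')
    if [ -n "$procs" ] || [ -n "$socks" ]; then
        echo "SUSPECT pids=[${procs% }] udp2002=[${socks% }]"
        return 1
    fi
    echo "CLEAN"
}

# Constructed sample input (not captured from a real host).
SAMPLE_PS='  412 /usr/sbin/sshd
  977 /usr/sbin/httpd -k start
 1503 .bugtraq
 1504 /tmp/.bugtraq
 1620 bugtraq-digest --fetch'
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State
udp        0      0 0.0.0.0:2002     0.0.0.0:*
udp        0      0 0.0.0.0:20020    0.0.0.0:*
tcp        0      0 0.0.0.0:2002     0.0.0.0:*        LISTEN'

# On a live host: triage "$(ps -axo pid=,args=)" "$(netstat -uln)"
triage "$SAMPLE_PS" "$SAMPLE_NETSTAT" || true
```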