On Tue, Jun 10, 2003 at 02:58:27PM -0500, Robert Ebright wrote: > Hello, > I logged in to my server today to find that > /usr/sbin/ncsd was running about 50 copies, > since I don't have BIND installed, obviously > something was up...they were also running with > the user www-data... > After a little bit of research I found a new > crontab entryFile: /tmp/crontab.XXXXLYukbF > 0 * * * * /tmp/.nscdrecover Hi I dont have any information about your trojan, but i can give you a solution (also a good security practice) Mount /tmp in a separate partition with the noexec flag in fstab This will disable most of the trojans Best regards -- Celso González http://bulmalug.net
Attachment:
pgpkb4HhRc5b_.pgp
Description: PGP signature