My sarge box has an IRC bot

To: debian-user@lists.debian.org
Subject: My sarge box has an IRC bot
From: Fran <lists@franoculator.com>
Date: Wed, 10 Jan 2007 11:53:42 -0600
Message-id: <[🔎] 45A52826.9050007@franoculator.com>

I've been told by my ISP that my sarge webserver (only port 80 open, all
 software up to date) is spewing traffic they're calling IRC_nick, which
is apparantly some sort of IRC bot.

I'm unable to locate the file/files that are infected.  Additionally, I
can't see the process/processes for the bot when it's running.

chkproc -v does reveal some hidden procs, but before I can kill them,
they seem to go away.

chkrootkit/rkhunter don't seem to see anything either.

Any other suggestions?

Reply to:

Follow-Ups:
- Re: My sarge box has an IRC bot
  - From: Andrew Sackville-West <andrew@farwestbilliards.com>
- Re: My sarge box has an IRC bot
  - From: Ron Johnson <ron.l.johnson@cox.net>
- Re: My sarge box has an IRC bot
  - From: Sarunas Burdulis <sarunas@math.dartmouth.edu>
- Re: My sarge box has an IRC bot
  - From: Greg Folkert <greg@gregfolkert.net>

Prev by Date: Re: Newbie question: Exim - trouble receiving incoming emails
Next by Date: cascading dependencies problems
Previous by thread: Re: how to prevent these windows within web pages
Next by thread: Re: My sarge box has an IRC bot
Index(es):
- Date
- Thread