My sarge box has an IRC bot
I've been told by my ISP that my sarge webserver (only port 80 open, all
software up to date) is spewing traffic they're calling IRC_nick, which
is apparantly some sort of IRC bot.
I'm unable to locate the file/files that are infected. Additionally, I
can't see the process/processes for the bot when it's running.
chkproc -v does reveal some hidden procs, but before I can kill them,
they seem to go away.
chkrootkit/rkhunter don't seem to see anything either.
Any other suggestions?
Reply to: