Re: My sarge box has an IRC bot
-----BEGIN PGP SIGNED MESSAGE-----
On 01/10/07 11:53, Fran wrote:
> I've been told by my ISP that my sarge webserver (only port 80 open, all
> software up to date) is spewing traffic they're calling IRC_nick, which
> is apparantly some sort of IRC bot.
"IRC_nick" is really ambiguous. What port do they say it's coming from?
I'd also suggest you have a trustworthy friend do a thorough nmap of
> I'm unable to locate the file/files that are infected. Additionally, I
> can't see the process/processes for the bot when it's running.
> chkproc -v does reveal some hidden procs, but before I can kill them,
> they seem to go away.
> chkrootkit/rkhunter don't seem to see anything either.
> Any other suggestions?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
-----END PGP SIGNATURE-----