Re: How to detect whether your machine is compromised?

To: debian-user <debian-user@lists.debian.org>
Subject: Re: How to detect whether your machine is compromised?
From: John Hasler <jhasler@debian.org>
Date: Mon, 08 Oct 2007 09:28:01 -0500
Message-id: <[🔎] 878x6dznny.fsf@toncho.dhh.gt.org>
In-reply-to: <[🔎] 47066419.8000902@gmail.com> (Raj Kiran Grandhi's message of "Fri\, 05 Oct 2007 21\:49\:37 +0530")
References: <[🔎] 47066419.8000902@gmail.com>

Raj Kiran Grandhi writes:
> There is an article on slashdot,
> http://it.slashdot.org/article.pl?sid=07/10/05/1234217&from=rss which
> says that most of the phishing sites are being run from rootkitted linux
> boxes.

Probably not rooted.  It is not necessary to root a machine running a Web
server to put up unauthorized pages: you just need write access to the
proper directories.  This is usually accomplished via buggy php scripts, so
your first step should be to quit using php.
-- 
John Hasler

Reply to:

References:
- How to detect whether your machine is compromised?
  - From: Raj Kiran Grandhi <grajkiran@gmail.com>

Prev by Date: Re: jvm 1.6.0_03
Next by Date: Re: seeking advice on free dns
Previous by thread: Re: How to detect whether your machine is compromised?
Next by thread: Hello
Index(es):
- Date
- Thread