[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to detect whether your machine is compromised?

Raj Kiran Grandhi writes:
> There is an article on slashdot,
> http://it.slashdot.org/article.pl?sid=07/10/05/1234217&from=rss which
> says that most of the phishing sites are being run from rootkitted linux
> boxes.

Probably not rooted.  It is not necessary to root a machine running a Web
server to put up unauthorized pages: you just need write access to the
proper directories.  This is usually accomplished via buggy php scripts, so
your first step should be to quit using php.
John Hasler

Reply to: