
Re: My server catched a rootkit?



James Brown:
>
> I have a VDS under Debian Lenny,
> ~# uname -a
> Linux 2.6.18-028stab070.4-ent #1 SMP Tue Aug 17 19:03:05 MSD 2010 i686
> GNU/Linux

Is the rest of the software as ancient as the kernel? Lenny uses 2.6.26.
You should probably ask for a more recent kernel.

> Is it a rootkit or other error?

I would suspect it's a rootkit. Does the system have any open ports you
don't expect?

> What I need to do - remove infected
> files, reinstall the above
> packages or give an order to my vds-provider for reinstalling my server
> at all?!

Reinstall. There's no other way to make sure you really got rid of the
rootkit. And then make sure to close the hole that allowed the
attacker to hijack your system. It's probably either a well-known, but
unpatched piece of software or a homegrown, easily exploitable
application (custom CMS or something like that).

J.
-- 
I often blame my shortcomings on my upbringing.
[Agree]   [Disagree]
                 <http://www.slowlydownward.com/NODATA/data_enter2.html>
