
Re: My server catched a rootkit?



On Sat, Nov 27, 2010 at 3:38 PM, Brian <ad44@cityscape.co.uk> wrote:

> Your course of action will depend on the confidence you place in
> rkhunter. Mine is zero, but if your reading of its reports is convincing
> and you think it tells you anything important about your system your
> only option is to reinstall. Not because there is anything untoward
> about the server but because you have entered a state of insecurity.
> If chkrootkit was installed after your problems appeared its logs are
> valueless.

IMHO, it's another tool in the toolbox. The secret is that you need to
be using multiple tools, and employing them in such a way that if one
is defeated, that action should set off at least one other one.

> Then you could ask yourself: there are over 1,000 million computers on
> the internet; why me?

Easy target or low-hanging fruit. Scriptkiddies will tend to scan for
a specific exploit, and scan large blocks of addresses. His server
probably showed up in a scan.
