Ok.. I've been keeping up with patches.. and am up to date except for the last pine patch on the 17th. But, one of my servers bounced 5 days ago. I started looking into it, and found one of the web sites cgi-bin has a TON of hacking scripts. CGI-Telnet server, irc bots, etc.
And, there was a binary file that was this: Linux Kernel kmod.c modprobe ptrace vulnerability exploit Now, I'm trying to do clean up. What's the easiest way to determine if root has been compromised, or just that user account for that web site? Thanks, James --------------------------------------------------------------- http://www.customlynx.com - Low cost web authoring and hosting! Get your FREE E-mail address or give them out! (culymail.com) _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
