Am Samstag 11 August 2007 13:20:31 schrieb Brent: > Im running FBSD 5.4 as a web server the server is behind a cisco firewall > /router and the server has alot of CMS jumila / mambo sites on it. I > noticed that when i ran sockstat i was seeing multiple IPs connected to > high ports on the server with a process id of "psybnc" . Did some looking > around & found that this is a IRC relay program that was installed through > a compromised mambo site.
That was a know Mambo vulnerability which also hit a client of ours. It's not a root compromise, though, AFAIR. > On FBSD how do you checksum binaries on the system to ensure someone hasnt > replaced one with there own binary. Install security/tripwire and configure properly. -- Heiko Wundram Product & Application Development _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"