On Wed, 2007-10-17 at 16:07 -0500, Paul Schmehl wrote:
> --On Wednesday, October 17, 2007 16:15:27 -0400 Josh Carroll
> <[EMAIL PROTECTED]> wrote:
>
> >> The strangest thing is that I can't find sploger on my system. After a
> >> reboot sploger doesn't appear anymore, which makes it even stranger.
> >
> > So you have done a:
> >
> > find / -name sploger -type f
> >
> > And nothing comes up? If that's the case, it sounds like it was a perl
> > script that was run, then subsequently removed from the file system.
> > Which sounds rather nefarious to me. You might want to check for
> > rootkits, etc.
> >
> If you google for "sploger+perl", all you get is stuff that looks like
> hacked websites being run as spam operations.
>
> Look in /tmp for anything unusual, like directories named ". " or ".. "
> or similar. Look for oddly named files in /tmp, such as dp, xz, etc.
>
> Look at your website logs carefully. I suspect a malicious script has been
> run through some exploit such as php or perl or an apache weakness.
>
> Is all your software completely patched up to date?
>
Dear list members.

I scanned my FreeBSD 6.2-Release (ports up to date) with Avira Antivir
personal ed, some days ago. The scanner returned this:

...<snap>
checking drive/path (cwd): /
/usr/ports/security/p5-openxpki-client-html-mason/pkg-plist
Date: 11.10.2007 Time: 16:04:06 Size: 9975
ALERT: [HTML/MHT.Gen] /usr/ports/security/p5-openxpki-client-html-mason/pkg-plist <<< Contains detection pattern of the HTML script virus HTML/MHT.Gen
<snap>...

The information Avira has can be read here:
http://www.avira.com/en/threats/section/details/id_vir/3679/html_mht.gen.html

I posted a question to [EMAIL PROTECTED] They proposed that the scanner
probably was "too nervous" for using with Unix. (I can't tell myself)

Don't know if this says anything, but I thought I would mention it when I
saw your posts.

-- 
/Peo
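
The /tmp check suggested in the quoted advice above, as an added example that is not part of the original thread: a shell function (the name odd_names is hypothetical) that lists entries whose names end in whitespace, contain a control character, or start with three dots. It assumes a find that supports -mindepth and a cat that supports -v, which both FreeBSD and GNU userlands provide.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Names such as ". " and ".. " look like the normal "." and ".." entries in
# a plain ls listing because the trailing blank is invisible.

# odd_names DIR
# Prints "<dir|file> [<path>]" for every entry below DIR (default /tmp) whose
# name:
#   - ends in whitespace        (". ", ".. ", "dp ")
#   - contains a control char   (for example an embedded backspace)
#   - starts with three dots    ("...")
# The path is wrapped in [] so trailing blanks are visible, and cat -v turns
# most control characters into ^X notation.
odd_names() {
    find "${1:-/tmp}" -mindepth 1 \
        \( -name '*[[:space:]]' -o -name '*[[:cntrl:]]*' -o -name '...*' \) \
        -exec sh -c 'for p in "$@"; do
            if [ -d "$p" ]; then t=dir; else t=file; fi
            printf "%s [%s]\n" "$t" "$p"
        done' sh {} + 2>/dev/null |
        cat -v
}

# Run directly with a directory argument, e.g.: sh odd_names.sh /tmp
if [ "$#" -gt 0 ]; then
    odd_names "$1"
fi
```

Ordinary dot-files such as .cache are not reported; only the name shapes listed in the comment are.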