On Wed, 26 Jan 2011, Andy Smith wrote:
If this is a Debian install then the recent Exim exploit is a good
candidate. I've had quite a few people caught by that and expect to
find more who still haven't realised they've been compromised yet.
:(
Cheers Andy.
Yes it's a Debian Lenny system.
Exim sounds like a likely candidate, I can see a number of
**** log string overflowed log buffer ****
messages on the 10th (the same date that the suspect ssh file has) in
/var/log/exim4/mainlog
Thanks for all the suggestions guys.
Time to sort out a re-install.
Andy
--
Please post to: Hampshire@mailman.lug.org.uk
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk
--------------------------------------------------------------
