Quoting Anthony Vito <[EMAIL PROTECTED]>: > > The fix is to upgrade php itself to a non-vulnerable version I believe. > > > > Google are supposed to have blocked the search that the worm was using > > to spread itself though. > > Probably not something to bet the house on. Anyone could still > manually exploit the security hole as well..... I haven't seen any > change from the server yet.... like... a basic firewall.... > > ]# nmap -sS pchdtv.com > > Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-12-22 10:51 EST > Interesting ports on powell.slcinet.net (128.121.217.18): > (The 1635 ports scanned but not shown below are in state: closed) > PORT STATE SERVICE > 21/tcp open ftp > 22/tcp open ssh > 23/tcp open telnet > 25/tcp open smtp > 79/tcp open finger > 80/tcp open http > 106/tcp open pop3pw > 110/tcp open pop-3 > 119/tcp open nntp > 139/tcp open netbios-ssn > 143/tcp open imap > 443/tcp open https > 513/tcp open login > 514/tcp open shell > 587/tcp open submission > 990/tcp open ftps > 992/tcp open telnets > 993/tcp open imaps > 995/tcp open pop3s > 2401/tcp open cvspserver > 3306/tcp open mysql > 5190/tcp open aol > > > I haven't seen an internet server this unsecure since the Helsinki > incident of 1919, and I think we all know how that turned out. Just a comment - Doing a portscan of a machine AFTER it is known to have been compromised is kind of pointless.
You have no idea which of those particular ports may have been opened up by whoever compromised the box. ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. _______________________________________________ mythtv-users mailing list mythtv-users@mythtv.org http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users