Hi, Most of us ignore the importance of SELinux, specially on RHEL based distro which has a lot of ready made policies. Do you think it's time to start learning and prevent this incidents? I know SELinux is very difficult and I'm starting to love AppArmor:)
-- grexk --- On Mon, 6/8/09, fooler mail <[email protected]> wrote: From: fooler mail <[email protected]> Subject: Re: [plug] CentOS 5.3 port 21 open which should not be To: "Philippine Linux Users' Group (PLUG) Technical Discussion List" <[email protected]> Date: Monday, June 8, 2009, 9:24 AM On Mon, Jun 8, 2009 at 10:25 AM, Iris Lames<[email protected]> wrote: > > If my ftp problem does not bind to any service, I feel relieved. But then > again, the question is "what caused my ftp to be open?". I'm now wondering > if this is bug from Centos. it is not a bug.. your system was hacked.. you cannot use any applications (eg. netstat, lsof, etc) in your system as the hacker already modified those... the port 21 is the hacker remote backdoor going to your system... you have two options.. 1. reinstall your entire system without catching the hacker 2. stay as is at the moment and catch the hacker... for number 2... there are lots of ways to catch the source ip address of this hacker.. but dont do this inside your hacked system... if you want option number 2... just let us know.. fooler. _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
