Leif Carlsson wrote: > Due to my stupidity and lazyness I used a too simple password on an > account and got "infected". > This was just a test machine so it didn't "break" anything important. > > But rkhunter didn't find it when I searched the server.
I have a tarball of some nastiness I recently found in a server's /tmp dir. Rkhunter 1.2.9 indeed didn't notice anything, chkrootkit did warn me of an infected port. Is there somewhere where I can send these files for inspection? I'd rather not touch them myself, but if there are people who like to dissect these kinds of things I'd be glad to supply the files. Nils Breunese. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
