Hi Syed, List...
First off, I'm getting the headers from my proxy log files (squid).
When I try to access http://www.esalton.com/ , I'm getting this:
[HTTP/1.1 *302 Moved Temporarily*\r\nDate: Fri, 27 Jan 2006 20:31:52
GMT\r\nServer: Apache/2.0.46 (Red Hat)\r\nSe
t-Cookie:
Kk, here is what I've got so far:
My system seems to be infected by some kind of trojan/worm/virus called
Unix/Hacktop, wich does (for what I'm seeing) some kind of scanport via
ssh (22).
I found some related info saying that the intruder could be using a
security flaw from AWSTATS + Apache
