On Thursday 14 July 2005 23:24, Anderson Miranda wrote:
> Heck, gonna have to get a full reinstall over a new machine (my infected
> system is still running... slowly, but running... I can't just take the
> whole system down and make a fresh install... Gotta do it in a new box
> and restore my file
Thanks for all the replies.
Strange thing about apache logs is that all requests done to AWSTATS cgi
returned only 404 ... funny...
About sanitizing my box, It will be most than difficult, almost
impossible... Checked already a lot of "infected" files, and I'm sure
there are a lot more.
He
It was thus said that the Great Anderson Miranda once stated:
>
> Now I want to know just 2 things:
>
> First, how can I be sure that it all happened because of the awstats
> security flaw?
> Second, how could I completely remove this Unix/Hacktop from my system
> (Linux RedHat9 k2.4) ?
Firs
>
>>Kk, here is what I've got so far:
>>
>>My system seems to be infected by some kind of trojan/worm/virus called
>>Unix/Hacktop, wich does (for what I'm seeing) some kind of scanport via
>>ssh (22).
>>I found some related info saying that the intruder could be using a
>>security flaw from AWSTAT
On 7/14/05, Anderson Miranda <[EMAIL PROTECTED]> wrote:
> Kk, here is what I've got so far:
>
> My system seems to be infected by some kind of trojan/worm/virus called
> Unix/Hacktop, wich does (for what I'm seeing) some kind of scanport via
> ssh (22).
> I found some related info saying that the
Kk, here is what I've got so far:
My system seems to be infected by some kind of trojan/worm/virus called
Unix/Hacktop, wich does (for what I'm seeing) some kind of scanport via
ssh (22).
I found some related info saying that the intruder could be using a
security flaw from AWSTATS + Apache to
