[Centos] Think someone has got into my server...
Ralph Angenendt
ra+centos at br-online.de
Tue Jan 11 10:58:11 UTC 2005
WipeOut wrote:
> I have just run chkrootkit on my server and have the following two
> suspicious entries..
>
> Searching for suspicious files and dirs, it may take a while...
> /usr/lib/perl5/5.8.0/i386-linux-thread-multi/.packlist

There should be only a list of perl packages in that file. You can check
it very easily.

> and further down..
>
> Checking `bindshell'... INFECTED (PORTS: 465)
>
> Anyone have any advice for getting rid of it??

Find out which program listens on that port - and if you need it. 465
is smtps (SMTP over SSL).

You can do so with netstat, lsof or fuser.

chkrootkit can only give you hints - you have to look for yourself whether
it is assuming correctly or fooling you.

Ralph
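
Added example, not part of the original mail: one way to find out what is listening on the flagged port by reading the kernel's /proc/net/tcp table (the data netstat displays on Linux) instead of calling netstat, lsof or fuser. The function names `listening_on` and `owner_of_inode` and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/net/tcp layout (rows cut after the inode column).
SAMPLE='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 00000000:01D1 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1377
   2: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1378
   3: 0A00000A:01D1 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1420
   4: 0A00000A:8F2C 0C00000A:01D1 01 00000000:00000000 00:00000000 00000000    89        0 1431'

# listening_on PORT < table
# Print "local_ip_hex uid inode" for each socket in LISTEN state on PORT.
# Established connections to or from that port (rows 3 and 4) are ignored.
listening_on() {
    port_hex=$(printf '%04X' "$1")
    awk -v want="$port_hex" '
        NR > 1 {                      # skip the header row
            split($2, la, ":")        # local_address is HEXIP:HEXPORT
            if (toupper(la[2]) == want && $4 == "0A")   # 0A = LISTEN
                print la[1], $8, $10  # $8 = uid, $10 = socket inode
        }'
}

# owner_of_inode INODE
# Print "pid exe" for every process holding that socket open.
owner_of_inode() {
    for fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#/proc/}; pid=${pid%%/*}
        echo "$pid $(readlink "/proc/$pid/exe" 2>/dev/null)"
    done
}

# Demo on the constructed sample
printf '%s\n' "$SAMPLE" | listening_on 465

# On a live host, as root:
#   listening_on 465 < /proc/net/tcp     (and /proc/net/tcp6 for IPv6 sockets)
#   owner_of_inode <inode printed above>
# The tools named in the mail, for comparison:
#   netstat -tlnp | grep ':465 '
#   lsof -i :465
#   fuser -n tcp 465
```

Compare the exe path with the mail server you expect to provide smtps; a path ending in `(deleted)` means the binary was removed from disk after the process started.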