Ralph Angenendt wrote:
WipeOut wrote:
I have just run chkrootkit on my server and have the following two suspicious entries..
Searching for suspicious files and dirs, it may take a while... /usr/lib/perl5/5.8.0/i386-linux-thread-multi/.packlist
There should be only a list of perl packages in that file. You can check it very easily.
and further down..
Checking `bindshell'... INFECTED (PORTS: 465)
Anyone have any advice for getting rid of it??
Find out which program listens on that port - and if you need it. 465 is smtps (SMTP over SSL).
You can do so with netstat, lsof or fuser.
chkrootkit can only give you hints - you have to check for yourself whether it is assuming correctly or fooling you.
Ralph
Thanks Ralph..
I am looking into it now..
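One way to carry out the check suggested above (finding which program listens on the flagged port), as an added example that is not part of the original thread. The netstat output embedded here is constructed, and the process names in it (sshd, master, example) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: map a listening TCP port to the process that owns it by
# parsing `netstat -tlnp` output. Run netstat as root, otherwise the
# PID/Program column shows "-" for sockets owned by other users.

# Constructed sample of `netstat -tlnp` output (not from the original post).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      1432/master
tcp        0      0 127.0.0.1:4650          0.0.0.0:*               LISTEN      2001/example
tcp        0      0 :::25                   :::*                    LISTEN      1432/master'

# listeners_on_port PORT
# Reads `netstat -tlnp` output on stdin and prints "address pid/program"
# for every LISTEN socket bound to exactly PORT (465 must not match 4650).
listeners_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # The port is the last colon-separated part, for IPv4 and IPv6.
            n = split($4, parts, ":")
            if (parts[n] == port) print $4, $7
        }'
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_NETSTAT" | listeners_on_port 465

# On the live system, as root:
#   netstat -tlnp | listeners_on_port 465
# Cross-check with the other tools named in the thread:
#   lsof -i :465
#   fuser -n tcp 465
# Then confirm which binary the reported PID is really running:
#   ls -l /proc/<PID>/exe
```

If the owner turns out to be the mail server offering smtps, the chkrootkit line is a false positive; a listener with no PID shown when run as root, or a binary in an unexpected location, deserves a closer look.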