Are you running PortSentry? If you are, that may give you a false positive on Port 465. -----Original Message----- From: centos-bounces at caosity.org [mailto:centos-bounces at caosity.org] On Behalf Of WipeOut Sent: 11 January 2005 18:19 To: CentOS discussion and information list Subject: [Centos] Think someone has got into my server... I have just run chkrootkit on my server and have the following two suspicious entries.. Searching for suspicious files and dirs, it may take a while... /usr/lib/perl5/5.8.0/i386-linux-thread-multi/.packlist and further down.. Checking `bindshell'... INFECTED (PORTS: 465) Anyone have any advice for getting rid of it?? Later.. _______________________________________________ CentOS mailing list CentOS at caosity.org http://lists.caosity.org/mailman/listinfo/centos