[CentOS] Uselib24/bindz - owned!

Thu May 4 05:37:28 UTC 2006
Nick <list at everywhereinternet.com>

Rick Philbrick wrote:
> Hi,
>
> Well that's telling.  So do you have chkrootkit installed?  Although
> you know you've got to have a root-kit on there. Anyway, it may help
> narrow your search of the directories and the changes within.
>
> -rickp
>

Well, I quarantined the files and then ran rkhunter and chkrootkit and
both came back OK. Not going to risk not starting over on the box, but if
I can't tell how they got in then I'm not stopping it happening again.
It could of course have something to do with one of the webapps the box
runs (forum software)...

Also, I found my iptables script wasn't blocking port 80 and port 21
outbound... schoolboy error.