Kai Schaetzl wrote: > Nick wrote on Thu, 04 May 2006 14:43:20 +1000: > >> Bindz.... hmm. telnetting to the port gave me a root shell > You should suspect some php app or at least a web-based intrusion. > Break-ins this way usually don't get the intruder a root shell. And what Yeppers. From interest, was the box selinuxed up Nick? Because AIUI that should have said no to running shells from Apache. -Andy -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4492 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.centos.org/pipermail/centos/attachments/20060504/ad896898/attachment-0005.bin>