[CentOS] Uselib24/bindz - owned!

Thu May 4 10:22:38 UTC 2006
Jason Dixon <jason at dixongroup.net>

On May 4, 2006, at 1:37 AM, Nick wrote:

> Rick Philbrick wrote:
>> Hi,
>>
>> Well that's telling.  So do you have chkrootkit installed?  Although
>> you know you've got to have a rootkit on there. Anyway, it may help
>> narrow your search of the directories and the changes within.
>>
>> -rickp
>>
>
> Well I quarantined the files and then ran rkhunter and chkrootkit
> and both came back ok. Not going to risk not starting over on the
> box but if I can't tell how they got in then I'm not stopping it
> happening again. It could of course have something to do with one  
> of the webapps the box runs (forum software)...

You used trusted binaries when running chkrootkit, right?

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net