[CentOS] CleanLog.h

Evans F. Mitchell KD4EFM / AFA2TH / WQFK-894 kd4efm at kd4efm.org
Fri Nov 30 14:36:37 UTC 2007

By any chance, have you run 'ps ax' from root and looked
to see what does not look like it should be there?

If you are willing, paste your 'ps' output for us to
help you find the program that is running and sending out
the emails.

Also review your sendmail rule set.
Next, to help lock down your server a little more,
make sure you have set a password on your VNC.
I had an Italian 17-year-old poking around one
of my Amateur Radio boxes via VNC, simply because I
forgot to set a VNC password, so it was wide open
like a windoz server box without a login screen,
you know, the good old "I AM OPEN FOR YOUR PLEASURES..."

Also change your sshd, the port it is on, and do a rule
set that only allows a specific IP to access it.
I think I am correct saying you can do that as well with VNC.

The other option would be to stop the service altogether
if you're not needing it.

Good Luck.

Evans F. Mitchell KD4EFM/AFA2TH/WQFK-894


-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Alfredo Perez
Sent: Friday, November 30, 2007 7:40 AM
To: CentOS mailing list
Subject: Re: [CentOS] CleanLog.h

On Thu, Nov 29, 2007 at 04:43:44PM -0600, B.J. McClure wrote:
> Sad to say one of my file servers was exploited and used to run a 
> Phishing scam.  Have identified subject virus amongst other things.  
> It appears twice in a virus scan; /sbin/z (which I assume can just be
> deleted) and /sys/bus/serio/drivers/atkbd/description.  The latter 
> file is also present in identical uninfected machines.  I have been 
> unable to open the file, even with root privileges, although it 
> appears to be a text file.  Any suggestions on how to proceed 
> appreciated.  Guess I could delete it and copy over the file from an
> identical machine.
> Thanks in advance,
> B.J.
> CentOS 5.0, Linux 2.6.18-8.1.15.el5 x86_64 16:26:48 up 10:46, 1 user, 
> load average: 0.07, 0.08, 0.04

Hi, can you tell me which virus scan you are using?

