neil... you state that "..An unauthorized user currently has the ability to run processed on the machine...." how do we know that.. did i miss something in an earlier thread.. don't get me wrong, you might know more on this thread than the few msgs i saw... al i saw was that there was the 'atack' process being run... do we know how it got there? did he say he didn't know what the hell the process was and that he didn't put it there? also, did he ever say if he was the only one to put things on the box.. (ie, a friend of his didn't put it there.. ) as an aside? did he say if he even looked on the net for anything related to this?? -----Original Message----- From: centos-bounces at centos.org [mailto:centos-bounces at centos.org]On Behalf Of Neil Aggarwal Sent: Tuesday, June 02, 2009 10:21 PM To: 'CentOS mailing list' Subject: Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell.... Bruce: > i'm inclined to think the processs is something on his server... > > now, how it got there is a curious issue that he's going to have to > address.. This is precisely the point. An unauthorized user currently has the ability to run processed on the machine. We do not know what they have already done or will do to the machine. We have to assume the entire machine is suspect and therefore it needs to be wiped. Neil -- Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com Eliminate junk email and reclaim your inbox. Visit http://www.spammilter.com for details. _______________________________________________ CentOS mailing list CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos