3 Apaches Down

By NullMind on September 7, 2003 | Print This Post

this morning while checking the helpdesk I got a suprise .. 3 different servers for the same client had apache down, a manual restart would not bring it back to live, and worst .. no errors on the log.

upon further investigation I found this on rc.local

/etc/rc.d/init.d/.incsshd -p 31221 /sbin/insmod /etc/.incrl.o

unfortunately on of my techs also found it and deleted it .. seems the system was compromised .. but the other two .. no indication of any breaches.

the kernels are 2.4.18’s .. so I know they have the ptrace exploit .. time to do some recompiling

Null

Popularity: 17% [?]

comment Posted in: Computers / Internet

Did you like it? Click here to subscribe for free.

No Related Post

Browse

← back Forward →

Share and Save

adsense ad?

No comments.

Post a Comment

Answer a question or login:

RSS E-Mail

Quick Look

WebHosting ... Everybody Sucks

New Blade Server is Up

Losi 8T & SMD Box (OFNA 10244)

Sponsored A-Class Driver

8IGHT-T Clean & Rebuild .. Day 1

New Fioroni Parts

Future Expansion of RC NUT

New Wheels .... finally

New Shell for Summer 08

New Paint Scheme for Summer Series

john mcdermott: agreed
NullMind: Lol, heya John, long time no see .. what can I say, a face only a mother or a blind wife could love
john mcdermott: i remember this face !
NullMind: LOL, thank you
Mr Tee: Well, what can I say Welcome to my side of the office