Security Breach ?
Alexander Dalloz
ad+lists at uni-x.org
Wed Mar 2 23:21:01 UTC 2005
Am Mi, den 02.03.2005 schrieb Chris Strzelczyk um 23:46:
> I do run Apache but not a phpBB form. Is there some hole in Apache
> that I am not aware off which
> allows users to run IRC?
> -cs
Please avoid top-posting and quoting the full previous mail.
I asked for whether running phpBB because there are worms which use a
weakness of this forum application. It is a trojan and establishes an
irc connection. I don't know if some worm versions use bash, I heard of
those using Perl.
Well, you have the PID of the suspicious connections to irc server (you
can connect to the listed IPs using telnet to see they are really
running an ircd) and locate where they are coming from, who owns these
PIDs. I would worry for these connections. Although you gave too less
information to be serious about what it means. So you didn't say whether
you have users on the host in question which could use specific
programs. At least bash to irc servers seem very uncommon to me.
Alexander
--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.10-1.14_FC2smp
Serendipity 00:02:22 up 9 days, 11:11, load average: 0.21, 0.37, 0.31
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050303/a2f65f04/attachment-0001.sig>
More information about the fedora-list
mailing list