Re: a weird script worm uploaded via php with debian 3.0 ?

2003-06-11 Thread Celso González
On Tue, Jun 10, 2003 at 02:58:27PM -0500, Robert Ebright wrote: Hello, I logged in to my server today to find that /usr/sbin/ncsd was running about 50 copies, since I don't have BIND installed, obviously something was up...they were also running with the user www-data... After a little bit

Re: a weird script worm uploaded via php with debian 3.0 ?

2003-06-11 Thread Giacomo Mulas
On Wed, 11 Jun 2003, Celso González wrote: I don't have any information about your trojan, but I can give you a solution (also a good security practice) Mount /tmp in a separate partition with the noexec flag in fstab This will disable most of the trojans Sorry to delude you, but browse the

Re: a weird script worm uploaded via php with debian 3.0 ?

2003-06-11 Thread Phillip Hofmeister
On Wed, 11 Jun 2003 at 10:47:49AM +0200, Giacomo Mulas wrote: On Wed, 11 Jun 2003, Celso González wrote: I don't have any information about your trojan, but I can give you a solution (also a good security practice) Mount /tmp in a separate

RE: a weird script worm uploaded via php with debian 3.0 ?

2003-06-11 Thread DEFFONTAINES Vincent
While I agree with your observation I feel compelled to defend his point. He said mounting /tmp will stop MOST Trojans. While it might not stop a trojan planted by a person, it will stop a trojan planted by a worm (which is what this thread is about) since the author of the worm might

Re: a weird script worm uploaded via php with debian 3.0 ?

2003-06-11 Thread Victor Calzado Mayo
Hi On Tuesday 10 June 2003 21:58, Robert Ebright wrote: Have you copied to the new server the home directory of the user www-data? In Debian it is located in the root directory of the web server, so if you have copied the document root from the old server

2.5 and grsec [was Re: a weird script worm uploaded via php with debian 3.0 ?]

2003-06-11 Thread Dale Amon
On Wed, Jun 11, 2003 at 03:24:11PM +0200, DEFFONTAINES Vincent wrote: I use it and am very happy with it. If I trust archives from this list, I am not the only one in this case :-) Is anyone using it with 2.5? I'm on the cusp of switching a few machines to it to get up the learning curve

Re: a weird script worm uploaded via php with debian 3.0 ?

2003-06-11 Thread Giacomo Mulas
On Wed, 11 Jun 2003, Phillip Hofmeister wrote: While I agree with your observation I feel compelled to defend his point. He said mounting /tmp will stop MOST Trojans. While it might not stop a trojan planted by a person, it will stop a trojan planted by a worm (which is what this thread is

a weird script worm uploaded via php with debian 3.0 ?

2003-06-10 Thread Robert Ebright
Hello, I logged in to my server today to find that /usr/sbin/ncsd was running about 50 copies, since I don't have BIND installed, obviously something was up...they were also running with the user www-data... After a little bit of research I found a new crontab entry File: /tmp/crontab.LYukbF 0
