Michael Renzmann wrote:
| Hi all.
|
| The rlx blade server rack (better: the management blade) where my own
| server is located in has been attacked. I phoned to my ISP some minutes
| ago, and he described that there was a huge packet storm fired from the
| internet towards the management blade.
|
| He described that there were (and still are) lots of udp packets for
| port 2002, and on the management blade there are a lot of processes with
| the name "bugtraq" running. I will drive down there now to have a closer
| look at this stuff. Has anyone an initial idea what this could be? Maybe
| that helps for getting the server back on line faster.
|
| As soon as I have more information about it I will post them here.

The Apache worm you're infected with was posted on bugtraq earlier today.
It exploits mod_ssl and can be identified by doing a ps -ax | grep bugtraq
(it runs as the name .bugtraq). The source for it is here:

http://dammit.lt/apache-worm/apache-worm.c

///Jason
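Added example (not part of either message): the `ps -ax | grep bugtraq` check from the reply also matches the grep process itself and any command line that merely contains the word, so this sketch matches the process name exactly and adds a check for a local UDP socket on port 2002, the port named in the original report. The sample `ps` and `netstat` output is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Sample data below is constructed; function names are hypothetical.

# Read `ps -ax` output on stdin; print PIDs whose command name is exactly
# ".bugtraq". Unlike `grep bugtraq`, this skips the grep process itself and
# unrelated commands that only mention the word.
find_bugtraq_procs() {
    awk '$1 ~ /^[0-9]+$/ {
        cmd = $5
        sub(/^.*\//, "", cmd)   # drop any leading directory
        if (cmd == ".bugtraq") print $1
    }'
}

# Read `netstat -uln` output on stdin; print local UDP addresses bound to
# the given port (2002 is the port reported in the thread).
udp_port_listeners() {
    awk -v port="$1" '$1 ~ /^udp/ {
        n = split($4, part, ":")
        if (part[n] == port) print $4
    }'
}

SAMPLE_PS='  PID TTY      STAT   TIME COMMAND
  412 ?        S      0:03 /usr/sbin/httpd -DHAVE_SSL
 9731 ?        S      0:00 .bugtraq
 9732 ?        S      0:00 ./.bugtraq
 9801 pts/0    S      0:00 grep bugtraq
 9802 pts/0    S      0:00 vi bugtraq-digest.txt'

SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address   Foreign Address  State
tcp        0      0 0.0.0.0:443     0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:2002    0.0.0.0:*        LISTEN
udp        0      0 0.0.0.0:123     0.0.0.0:*
udp        0      0 0.0.0.0:2002    0.0.0.0:*'

echo "suspect PIDs:"
printf '%s\n' "$SAMPLE_PS" | find_bugtraq_procs
echo "UDP sockets on port 2002:"
printf '%s\n' "$SAMPLE_NETSTAT" | udp_port_listeners 2002

# On a live host: ps -ax | find_bugtraq_procs
#                 netstat -uln | udp_port_listeners 2002
```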

