Im running FBSD 5.4 as a web server the server is behind a cisco firewall /router and the server has alot of CMS jumila / mambo sites on it. I noticed that when i ran sockstat i was seeing multiple IPs connected to high ports on the server with a process id of "psybnc" . Did some looking around & found that this is a IRC relay program that was installed through a compromised mambo site. after getting rid of the program I changed our router to disallow this type of traffic..& started trying to fix the box. Im pretty sure that root wasnt compromised but im going to re-install anyway. my question has anyone run into this problem with CMS sites, HOw excatly are they getting in ? what are the things I can do to prevent this. On FBSD how do you checksum binaries on the system to ensure someone hasnt replaced one with there own binary.
thank you...and & all help is greatly appreciated -- Brent _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
