Funny thing you mention "root" cuz there was a suspicious directory name
root that the admin didn't have rights too! Thanks for the info guys!!
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Len Conrad
Sent: Saturday, February 24, 2001 4:14 PM
To: [EMAIL PROTECTED]
Subject: Re: [IMail Forum] Is your site being sniffed too?
>My problem is that I think someone has installed a password sniffer on my
>server and I can't identify the sniffer or remove it. The reason why I
>think that there is a sniffer on my server is because of this file in the
>root directory that updates itself with the passwords of the accounts
>logging on to the server locally.
I was just reading on cnet.com about NT "root kits", traditionally
compromises for *nix boxes. The can be pretty nasty (hidden from
task list, etc, etc).
If somebody here doesn't help, try the ISP-NT, ISP-Tech, ISP-Security
lists at isp-lists.com.
Len
http://BIND8NT.MEIway.com : Binary for ISC BIND 8.2.3 for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-spam mail gateways
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
