Pardon my ignorance, but I'm intrigued by the cloak and dagger nature of this issue.
Two questions:

1. Would flushing and changing firewall rules to block port 21 stop the hacker's backdoor?
2. How would you go about finding the service that's opening port 21 and remove it from the system?

Regards,
Danny Ching

On 06 8, 09, at 10:54 AM, fooler mail <[email protected]> wrote:

> On Mon, Jun 8, 2009 at 10:25 AM, Iris Lames<[email protected]> wrote:
>>
>> If my ftp problem does not bind to any service, I feel relieved. But then
>> again, the question is "what caused my ftp to be open?". I'm now wondering
>> if this is a bug from CentOS.
>
> it is not a bug.. your system was hacked.. you cannot use any
> applications (eg. netstat, lsof, etc) in your system as the hacker
> already modified those...
>
> the port 21 is the hacker remote backdoor going to your system...
>
> you have two options..
>
> 1. reinstall your entire system without catching the hacker
> 2. stay as is at the moment and catch the hacker...
>
> for number 2... there are lots of ways to catch the source ip address
> of this hacker.. but don't do this inside your hacked system... if you
> want option number 2... just let us know..
>
> fooler.
> _________________________________________________
> Philippine Linux Users' Group (PLUG) Mailing List
> http://lists.linux.org.ph/mailman/listinfo/plug
> Searchable Archives: http://archives.free.net.ph

