Quoting Kelsey Hartigan Go ([EMAIL PROTECTED]):

> Safest really but a pain.  But if you can find all the holes, you may
> not need to.

<deadpan>
For example, you could e-mail the intruder, and say "Would you please
confirm that I've found all the holes?  Thanks."
</deadpan>

> Or disable SSL.

Perhaps I didn't write clearly enough, but that was intended to be
included in the phrase "not using Apache for https".  (I didn't want to
write a novel:  The concept of what the slapper worm does and doesn't
attack should have been clear enough, already.)

> I got to scan all the files and checked the filesize with another
> system and found the trojaned ones.

Alas, this method fails to catch _added_ files -- and fails to catch
configuration files that have been meddled with, dotfiles that have been
mailed with... and probably other things that I'm not bothering to think
of.  The point is:  Anyone who thinks he can un-compromise a system
without wiping and reinstalling it is kidding himself.

Sorry about the bad news, but there's just no reasonable alternative.

-- 
Cheers,                     Chaos, panic, & disorder - my work here is done.
Rick Moen
[EMAIL PROTECTED]
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
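Added example, not part of the original message: a small Python sketch of the point above that comparing file sizes against a second system misses added files and same-size edits, while a path-plus-hash manifest diff reports them. The file names and contents are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import os
import tempfile

def manifest(root):
    """Map relative path -> (size, sha256) for every regular file under root."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            out[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return out

def size_only_check(reference, suspect):
    """The quoted approach: flag files present on both systems whose sizes differ."""
    return sorted(p for p in reference
                  if p in suspect and reference[p][0] != suspect[p][0])

def full_diff(reference, suspect):
    """Report added, removed and content-changed paths."""
    return {
        "added": sorted(set(suspect) - set(reference)),
        "removed": sorted(set(reference) - set(suspect)),
        "changed": sorted(p for p in reference
                          if p in suspect and reference[p][1] != suspect[p][1]),
    }

def write_tree(root, files):
    for rel, content in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)

def demo():
    # Constructed sample trees: one replaced binary (size changes), one
    # config file edited without changing its size, one added dotfile.
    clean = {"bin/ls": b"A" * 64, "bin/ps": b"B" * 64,
             "etc/app.conf": b"allow=no \n"}
    suspect = {"bin/ls": b"A" * 64, "bin/ps": b"X" * 80,
               "etc/app.conf": b"allow=yes\n", "home/user/.hidden": b"added\n"}
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        write_tree(a, clean)
        write_tree(b, suspect)
        ref, sus = manifest(a), manifest(b)
        return size_only_check(ref, sus), full_diff(ref, sus)

if __name__ == "__main__":
    print(demo())
```

A manifest like this is only meaningful when it is computed with tools booted from trusted media rather than on the suspect system itself. Even then it lists differences from the reference; it does not show that the system is clean.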