Yes, there was one site with a feedback form. I think this was the way in.
I also ran chkrootkit and rkhunter - both came back clean, so I don't think the box has been p0wn3d.

- Kimball
http://www.kimballlarsen.com

On Oct 1, 2009, at 11:45 AM, Jonathan Duncan wrote:

>
> On 01 Oct 2009, at 09:21, Kimball Larsen wrote:
>
>> Thanks for the info -
>>
>> now what do I need to do about it? As far as I can tell, the script
>> was not able to run correctly - it spewed lots of errors to my system
>> logs, and I've got hosts.deny set up so that the only ssh connections
>> allowed are from IPs I control.
>>
>> Do I need to worry about rebuilding the box?
>>
>
>
> Do you have any web accessible sites running on that machine? The
> most common culprit for hacks of this kind are web scripts with holes.
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
