Hi, I've just subscribed and haven't used rkhunter for more than a few weeks. However, one of my servers has been hacked, unfortunately to an unknown degree. Thus, after saving the files as good as possible, I'm currently reinstalling things.
My question here is (after browsing the archives - maybe I've missed the answer), is /var/tmp scanned throughly, because the unwanted IRC server was installed under /var/tmp/.u with a likely attack vector via a bad jpg file which I found under /tmp along with a small perl scripts used for creating a "networked" shell. Is anyone here interested in the files? If so, I'll wrap them all up in an encrypted file (GPG?, RAR?, zip?) and can give you a link for downoading. Thanks for any quick insight Carsten -- Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
