-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 16.06.2010 23:31, unsp...@hushmail.com wrote: > BTW running 'suspscan' is only a *postmortem* action and finding > the malware only an *indication* of more serious problems. It would > be good to (first make backups, weed out problematic scripts or > installations, update software to current and then) harden the web > stack and run say 'Logwatch' (and extending Logwatch capabilities > to include common downloaders is quite easy: > http://www.linuxquestions.org/questions/blog/unspawn-2450/logwatch- > webserver-logs-php-malarky-2308/).
yes, logwatch and a couple of other tools (most promimently snort) are running on our servers by default - yet, all those tools don't protect you from human errors (or at least not entirely). Such a (major) human error was the true cause for the infection. But thanks anyway for your suggestions. - -- Udo Rader | CEO BestSolution.at EDV Systemhaus GmbH | company Eduard-Bodem-Gasse 5 | address A-6020 Innsbruck | city +43 512 935834 | phone http://www.bestsolution.at | web -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJMGeUmAAoJEJA9QoEqa9WB6BMIAI6ZeFGk+ghuxCFFmK1EWF2z 1LAMwRQvi0gtp1x08jHNBESE4qTJ7KRN0mn68YLxhJZC8ODbP5mK529/4THcA6iw OIOxmg6/nY6YoYlyWIIpBGvvkxO3/G2UP3ERCW/kZiKxaLvj1F/nOghe9lnhVuIT 4f/xPGsTZWdyDxZDcGRZ3eGsNFOwfwiM5J5VdXVJfctjLwP7OhIdakjWn0mOkNTM YVbujpH9VxqQkZMM3UNyVHjCd/yAurIA7QHsiMhtI8rm1LGNZZFwimlQk7+OzJyt pqHR8eP7wXNs3bMVznFiAzVFi8VW4VkQs8MErBUuHdt1VqCnMuQ88W3R/gAf4Jg= =DtUH -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
