are you running any php scripts? ive seen this happen on my box once.. Theres a nasty css vulnerability in horde and other php apps which can be exploited easily.
regards, Jason On Mon, May 15, 2006 at 09:02:24PM -0400, Neil L. Little wrote: > I recently discovered that the web server I have been working on has > been comprimized and is relaying spam. Because it was a test server > there nothing is really important lost but it does kinda tick me off. > > Of course I have taken it off the network but now I need to see how > "they" got in ,what was done, and what I did wrong. > I'm thinking a hole in my firewall. Also, rootkit. Then what they did to > Sendmail (thats a little further down on the list and unimportant right > now). > I remember that I had a problem testing my firewall because TWC has one > up on the their cable modem and it led me astray for a while thinking I > had the telenet port open. > > Sooooo.... > Can any one suggest some reading material on the subject at hand? > My initial search came up with: > Real World Linux Security: Intrusion Prevention, Detection and Recovery > by Box Toxen > Linux Servier Security by Michael D. Bauer. > > Is there a definitive (or just usefull) book out there for someone just > discovering that he crapped out in the security turkey shoot? > > Thanks in advance for the help! > > Neil Little, WA4AZL > JARS Forever!! ..er TRILUG too!! > > Spammers = 1, Home team = 0 > > -- > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug > TriLUG Organizational FAQ : http://trilug.org/faq/ > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ -- ================================================ | Jason Welsh [EMAIL PROTECTED] | | http://monsterjam.org DSS PGP: 0x5E30CC98 | | gpg key: http://monsterjam.org/gpg/ | ================================================ -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
