A friends that have an httpd server based on TSL 2.2 have received this mail:
------------------------------------------- Subject: Your_host_have_been_attacked Your host have been attacked by pv script. Look on netstat -anp for process listen on 4123 port ------------------------------------------- It tell me that there is a process listing on port 4123 and another on 22222. Stopping httpd and killing the process that own the daemons seems temporarily "solve" the problem. He did that process are owned by httpd. It is now busy in rebuilding a new box where to migrate data, so request me to collect info on the "pv script". Any hints? Regards, B. _______________________________________________ tsl-discuss mailing list [email protected] http://lists.trustix.org/mailman/listinfo/tsl-discuss
