First, I would ask how it got there. Secondly, I would examine the system for other signs of a security breach. If TikiWiki has been exploited in some way (I'm not familiar with TikiWiki, or its security controls) you may find other files on the system, placed there by an intruder or script kiddie.

If an intruder did place the file there, then you might have a larger problem than a single file. If the system has been rooted, it cannot be trusted and should be backed up, wiped, OS installed clean, updated and then reattached to the network. You'll also want to make sure any passwords used on the web server are not used for other services. If one is cracked and the same password is used for other boxes... well... I won't say it. :)

I might delete the file, and then use Wireshark or Snort or something like that to watch traffic to and from the web server and on the network in general. You'll quickly find out if the box has been compromised and if so, what else is going on. The key here is to ensure your other systems are OK and not broken.

Maybe nothing has been rooted, but until you are completely sure, be ultra paranoid.

HTH
~k

On Fri, 18 Jul 2008, Bjorn Behrendt wrote:

Please help, I don't know how to clean a virus from a Linux webserver.  My
webserver keeps flooding our network until everything crashes, and when I
did a manual backup the other day my antivirus popped up with an infection,
see attached.

Bjorn Behrendt
Proctor School District
[EMAIL PROTECTED]
