Re: newbie with www user security problem
--cNdxnHkX5QqsyA0e
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Quoth Ken Hawkins on Thu, Aug 11, 2005 at 11:32:44 -0400
> The box is secure that much i have found out. the only problems have =20
> been with this email spamming. nothing in the tmp dirs out of the =20
> ordinary and no missing files running scripts etc. I have changed =20
> everyone passwords on the box. *'d the www password, ensured there is =20
> no shell with the www user, etc.
Have you run chkrootkit on it?
=20
> i am in the process of upgrading the ports now and there are problems =20
> (of course). the ports seem to have been mangled as the listing in /=20
> var/db/ports does not match what i KNOW is running on the box. The =20
> person i have inherited this from manually deleted from the /var/db/=20
> ports to get some of the applications to re-install! gotta love that!
ICK! Make sure you database is fine otherwise, you'll get into no end
of trouble.=20
=20
> well here i come port fix hell! This is a production box and can't be =20
> taken off line as of this moment so i am going to have to attempt on =20
> the fly fixing / upgrading of the ports. i would love to wipe it but =20
> it is just not a possibility right now.
Oh dear. How about living it as is -- minus the spam emailer -- and
rebuilding another one to replace it? =20
=20
--=20
yann@kierun.org -=3D*=3D- www.kierun.=
org
PGP: 009D 7287 C4A7 FD4F 1680 06E4 F751 7006 9DE2 6318
--cNdxnHkX5QqsyA0e
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)
iD8DBQFC+3O/91FwBp3iYxgRAi9uAKCWP+0Ze2dbT6+boa640reKQiLBwgCfRaLL
FANRn3l1rZIJpd7Jc4QKigE=
=L38G
-----END PGP SIGNATURE-----
--cNdxnHkX5QqsyA0e--
討論串 (同標題文章)
完整討論串 (本文為第 6 之 8 篇):