Displaying 6 results from an estimated 6 matches for "bindshell".
2003 Mar 30
2
Bindshell rootkit
Ok...did some checking. I forgot to mention that I killed dead syslogd. Not just a -HUP but an actual kill and restarted. I did this several times. I was trying to get something else to work.
Anyway, I killed it again this morning and restarted. The infect message went away immediately.
Could this have been the problem?
-
2007 Nov 20
2
chkrootkit V. 0.47
Running FreeBSD 6.1
After changing chkrootkit to the latest version V. 0.47 and compiling it then
running it I get the following:
==================<SNIPPIT>================
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... INFECTED (PORTS: 6667)
Checking `lkm'... You have 131 process hidden for readdir command
chkproc: Warning: Possible LKM Trojan installed
Checking `rexedcs'... not found
Checking `sniffer'... vr0 is not promisc
Checking `w55808'... not infected
Checking `wted'... chkwt...
2009 Dec 18
3
Security advice, please
I run chkrootkit daily. For the first time I've got reports of a problem -
Checking `bindshell'... INFECTED (PORTS: 1008)
The page http://fatpenguinblog.com/scott-rippee/checking-bindshell-infected-ports-1008/ suggests that this might be a false positive, so I ran 'netstat -tanup' but unlike the report, it wasn't famd on the port. It was
tcp 0 0 0.0.0.0:1008...
2005 Jan 11
3
Think someone has got into my server...
I have just run chkrootkit on my server and have the following two
suspicious entries..
Searching for suspicious files and dirs, it may take a while...
/usr/lib/perl5/5.8.0/i386-linux-thread-multi/.packlist
and further down..
Checking `bindshell'... INFECTED (PORTS: 465)
Anyone have any advice for getting rid of it??
Later..
2005 Jun 27
5
"sh -i" My server was hacked. How can i found hole on my server?
Hello.
My server was hacked. The CPU has been loaded at 99% by a "sh -i" process.
I found out that someone has started phpshell through a hole in one of the phpbb forums.
They have also filled in scripts for flood and spam and a "vadim script" in
"/tmp". I have made it noexec. Recently I have found the same process.
Maybe I have left /tmp open again, or other hole may
2005 May 12
1
Do I have an infected init file?
Hello;
I'm running a FreeBSD 4.10-release-p2 box and both chkrootkit 0.44 & 0.45 report that my /sbin/init file is infected.
It appears as though the egrep for "UPX" in the output of "strings" triggers the infected notice. When I copy the init file from an uninfected box to this one chkrootkit continues to report it as infected. Is chkrootkit reading a copy of the