Jochen Schulz wrote:
> James Brown:
>> I have a VDS under Debian Lenny,
>> ~# uname -a
>> Linux 2.6.18-028stab070.4-ent #1 SMP Tue Aug 17 19:03:05 MSD 2010 i686
>> GNU/Linux
> 
> Is the rest of the software as ancient as the kernel? Lenny uses 2.6.26.
> You should probably ask for a more recent kernel.
> 
>> Is it a rootkit or other error?
> 
> I would suspect it's a rootkit. Does the system have any open ports you
> don't expect?
> 
It seems not. But I am not sure.

>> What I need to do - remove infected
>> files, reinstall the above
>> packages or give an order to my vds-provider for reinstalling my server
>> at all?!
> 
> Reinstall. There's no other way to make sure you really got rid of the
> rootkit. And then make sure to close the hole that allowed the
> attacker to hijack your system. It's probably either a well-known, but
> unpatched piece of software or a homegrown, easily exploitable
> application (custom CMS or something like that).
> 
> J.

Thanks.
It seems to me that it was "proftpd", but it is possible that it was the
web-control panel too (see my messages above).

