Note:
95.215.44.195 == rkcheck.org
The web site certainly smells like a total scam... no indication
whatsoever of who might be behind this allegedly helpful project.
But they'd like me to just trust them and download their checker tool.
Yea. Right. No thanks.
But I give them an `E' for effor
Walter Hop writes:
> If this traffic is originating from your system, and you were running
> PHP, I’d say it’s probably most likely that some PHP
> script/application on your host was compromised. Were you running
> stuff like phpMyAdmin, Wordpress or Drupal that might not have been
> updated too
> On 25.02.2015 at 22:07, Joseph Mingrone wrote:
>
> Christopher Schulte writes:
>
>>> On Feb 25, 2015, at 2:34 PM, Philip Jocks wrote:
>>>
>>> it felt pretty scammy to me, googling for the "worm" got me to rkcheck.org
>>> which was registered a few days ago and looks like a tampered versio
Christopher Schulte writes:
>> On Feb 25, 2015, at 2:34 PM, Philip Jocks wrote:
>>
>> it felt pretty scammy to me, googling for the "worm" got me to rkcheck.org
>> which was registered a few days ago and looks like a tampered version of
>> chkrootkit. I hope, nobody installed it anywhere, it se
> On 25.02.2015 at 21:55, Christopher Schulte wrote:
>
>
>> On Feb 25, 2015, at 2:34 PM, Philip Jocks wrote:
>>
>> it felt pretty scammy to me, googling for the "worm" got me to rkcheck.org
>> which was registered a few days ago and looks like a tampered version of
>> chkrootkit. I hope, n
> On Feb 25, 2015, at 2:34 PM, Philip Jocks wrote:
>
> it felt pretty scammy to me, googling for the "worm" got me to rkcheck.org
> which was registered a few days ago and looks like a tampered version of
> chkrootkit. I hope, nobody installed it anywhere, it seems to execute
> rkcheck/tests/
Philip Jocks writes:
> it felt pretty scammy to me, googling for the "worm" got me to rkcheck.org
> which
> was registered a few days ago and looks like a tampered version of
> chkrootkit. I
> hope, nobody installed it anywhere, it seems to execute
> rkcheck/tests/.unit/test.sh which contains
>
> On 25.02.2015 at 21:25, Joseph Mingrone wrote:
>
> Philip Jocks writes:
>> are those the only lines they sent you? Weirdly, we got a report like this
>> today
>> as well with the first (out of 8) sample line showing the exact time stamp
>> (23/Feb/2015:14:53:37 +0100) and the exact query st
Matt Donovan writes:
> On Feb 25, 2015 2:05 PM, "Joseph Mingrone" wrote:
>>
>> Jung-uk Kim writes:
>>
>> > On 02/25/2015 14:41, Joseph Mingrone wrote:
>> >> This morning when I arrived at work I had this email from my
>> >> university's IT department (via email.it) informing me that my host
>>
On 25 Feb 2015, at 20:41, Joseph Mingrone wrote:
>
> "Based on the logs fingerprints seems that your server is infected by
> the following worm: Net-Worm.PHP.Mongiko.a"
>
> my ip here - - [23/Feb/2015:14:53:37 +0100] "POST
> /?cmd=info&key=f8184c819717b6815a8b8037e91c59ef&ip=212.97.34.7 HTTP/1.1
> On 25.02.2015 at 21:04, Joseph Mingrone wrote:
>
> Jung-uk Kim writes:
>
>> On 02/25/2015 14:41, Joseph Mingrone wrote:
>>> This morning when I arrived at work I had this email from my
>>> university's IT department (via email.it) informing me that my host
>>> was infected and spreading a
Philip Jocks writes:
> are those the only lines they sent you? Weirdly, we got a report like this
> today
> as well with the first (out of 8) sample line showing the exact time stamp
> (23/Feb/2015:14:53:37 +0100) and the exact query string
> (/?cmd=info&key=f8184c819717b6815a8b8037e91c59ef&ip=21
On Feb 25, 2015 2:05 PM, "Joseph Mingrone" wrote:
>
> Jung-uk Kim writes:
>
> > On 02/25/2015 14:41, Joseph Mingrone wrote:
> >> This morning when I arrived at work I had this email from my
> >> university's IT department (via email.it) informing me that my host
> >> was infected and spreading a
Jung-uk Kim writes:
> On 02/25/2015 14:41, Joseph Mingrone wrote:
>> This morning when I arrived at work I had this email from my
>> university's IT department (via email.it) informing me that my host
>> was infected and spreading a worm.
>>
>> "Based on the logs fingerprints seems that your se
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 02/25/2015 14:41, Joseph Mingrone wrote:
> This morning when I arrived at work I had this email from my
> university's IT department (via email.it) informing me that my host
> was infected and spreading a worm.
>
> "Based on the logs fingerprint
This morning when I arrived at work I had this email from my
university's IT department (via email.it) informing me that my host was
infected and spreading a worm.
"Based on the logs fingerprints seems that your server is infected by
the following worm: Net-Worm.PHP.Mongiko.a"
my ip here - - [23/
Hi Security Officials of FreeBSD,
On 24 February 2015 at 22:29, FreeBSD Security Advisories
wrote:
> 2) To update your vulnerable system via a binary patch:
>
> Systems running a RELEASE version of FreeBSD on the i386 or amd64
> platforms can be updated via the freebsd-update(8) utility:
>
> # fre
On Wed, 25 Feb 2015 18:21:58 +0100
Remko Lodder wrote:
>
> This suggests that you can filter the traffic:
>
> Block incoming IGMP packets by protecting your host/networks with a
> firewall. (Quote from the SA).
>
> Br,
> Remko
>
Looks like Captain Obvious here. The question was how exactly t
> On 25 Feb 2015, at 12:24, Karl Pielorz wrote:
>
>
> Hi,
>
> Presumably if you don't need IGMP, ipfw can be used to mitigate this on hosts
> until they're patched / rebooted, i.e.
>
> ipfw add x deny igmp from any to any
>
> ?
This suggests that you can filter the traffic:
Block incomin
On Tue, Feb 24, 2015 at 11:40:44PM -0800, Xin Li wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
>
>
> On 2/24/15 23:36, Bartek Rutkowski wrote:
> > Seems like freebsd-update is throwing some error:
> >
> > root@04-dev:~ # freebsd-update install Installing
> > updates...install: /
Hi,
Presumably if you don't need IGMP, ipfw can be used to mitigate this on
hosts until they're patched / rebooted, i.e.
ipfw add x deny igmp from any to any
?
Thanks,
-Karl
-- Forwarded Message --
Date: 25 February 2015 06:29 +
From: FreeBSD Security Advisories
To:
On Tue, Feb 24, 2015 at 10:48 AM, Kay Rydyger wrote:
>
> The question was [... firmware spies]
> The answer is [...] to encrypt data.
No, reading bits from platters or the bus is a partial analysis of
the whole firmware question. It's already been suggested in links
how firmware can hook the user