Re: has my 10.1-RELEASE system been compromised

2015-02-26 Thread Mark Felder
On Thu, Feb 26, 2015, at 14:52, Malcolm Herbert wrote: > I'd also suggest you take a look at using mtree for tripwire-like > functionality into the future - its primary purpose is to be able to > take the specification for a directory tree and either report > differences or make the filesystem co

Re: has my 10.1-RELEASE system been compromised

2015-02-26 Thread Malcolm Herbert
I'd also suggest you take a look at using mtree for tripwire-like functionality into the future - its primary purpose is to be able to take the specification for a directory tree and either report differences or make the filesystem conform to the specification. not sure whether it is used in the b

Re: has my 10.1-RELEASE system been compromised

2015-02-26 Thread Mark Felder
On Thu, Feb 26, 2015, at 14:12, Glyn Grinstead wrote: > On Thu, 26 Feb 2015 at 12:02:52 -0600, Mark Felder wrote: > > On Wed, Feb 25, 2015, at 14:19, Walter Hop wrote: > > > > > > Example: > > > # touch -t 20150101 foo > > > # find / -user www -newer foo > > > > Thanks for posting this tric

Re: has my 10.1-RELEASE system been compromised

2015-02-26 Thread Glyn Grinstead
On Thu, 26 Feb 2015 at 12:02:52 -0600, Mark Felder wrote: > On Wed, Feb 25, 2015, at 14:19, Walter Hop wrote: > > > > Example: > > # touch -t 20150101 foo > > # find / -user www -newer foo > > Thanks for posting this trick -- I've never considered it before and > will certainly put it in my t

Re: has my 10.1-RELEASE system been compromised

2015-02-26 Thread Mark Felder
On Wed, Feb 25, 2015, at 14:19, Walter Hop wrote: > > Example: > # touch -t 20150101 foo > # find / -user www -newer foo > > If you don’t find anything, look back a little further. > Hopefully you will find a clue in this way. > Thanks for posting this trick -- I've never considered it be

Re: has my 10.1-RELEASE system been compromised

2015-02-26 Thread Ian Smith
On Wed, 25 Feb 2015 20:55:43 +, Christopher Schulte wrote: > > On Feb 25, 2015, at 2:34 PM, Philip Jocks wrote: > > > > it felt pretty scammy to me, googling for the "worm" got me to > rkcheck.org which was registered a few days ago and looks like a > tampered version of chkrootkit. I

Re: has my 10.1-RELEASE system been compromised

2015-02-26 Thread Philip Jocks
On 26.02.2015 at 09:24, Gary Palmer wrote: > On Wed, Feb 25, 2015 at 04:04:59PM -0400, Joseph Mingrone wrote: >> Jung-uk Kim writes: >> >>> On 02/25/2015 14:41, Joseph Mingrone wrote: This morning when I arrived at work I had this email from my university's IT department (via email

Re: has my 10.1-RELEASE system been compromised

2015-02-26 Thread Gary Palmer
On Wed, Feb 25, 2015 at 04:04:59PM -0400, Joseph Mingrone wrote: > Jung-uk Kim writes: > > > On 02/25/2015 14:41, Joseph Mingrone wrote: > >> This morning when I arrived at work I had this email from my > >> university's IT department (via email.it) informing me that my host > >> was infected an

Re: has my 10.1-RELEASE system been compromised

2015-02-25 Thread Ronald F. Guilmette
Note: 95.215.44.195 == rkcheck.org The web site certainly smells like a total scam... no indication whatsoever of who might be behind this allegedly helpful project. But they'd like me to just trust them and download their checker tool. Yea. Right. No thanks. But I give them an `E' for effor

Re: has my 10.1-RELEASE system been compromised

2015-02-25 Thread Joseph Mingrone
Walter Hop writes: > If this traffic is originating from your system, and you were running > PHP, I’d say it’s probably most likely that some PHP > script/application on your host was compromised. Were you running > stuff like phpMyAdmin, Wordpress or Drupal that might not have been > updated too

Re: has my 10.1-RELEASE system been compromised

2015-02-25 Thread Philip Jocks
> On 25.02.2015 at 22:07, Joseph Mingrone wrote: > > Christopher Schulte writes: > >>> On Feb 25, 2015, at 2:34 PM, Philip Jocks wrote: >>> >>> it felt pretty scammy to me, googling for the "worm" got me to rkcheck.org >>> which was registered a few days ago and looks like a tampered versio

Re: has my 10.1-RELEASE system been compromised

2015-02-25 Thread Joseph Mingrone
Christopher Schulte writes: >> On Feb 25, 2015, at 2:34 PM, Philip Jocks wrote: >> >> it felt pretty scammy to me, googling for the "worm" got me to rkcheck.org >> which was registered a few days ago and looks like a tampered version of >> chkrootkit. I hope, nobody installed it anywhere, it se

Re: has my 10.1-RELEASE system been compromised

2015-02-25 Thread Philip Jocks
> On 25.02.2015 at 21:55, Christopher Schulte wrote: > > >> On Feb 25, 2015, at 2:34 PM, Philip Jocks wrote: >> >> it felt pretty scammy to me, googling for the "worm" got me to rkcheck.org >> which was registered a few days ago and looks like a tampered version of >> chkrootkit. I hope, n

Re: has my 10.1-RELEASE system been compromised

2015-02-25 Thread Christopher Schulte
> On Feb 25, 2015, at 2:34 PM, Philip Jocks wrote: > > it felt pretty scammy to me, googling for the "worm" got me to rkcheck.org > which was registered a few days ago and looks like a tampered version of > chkrootkit. I hope, nobody installed it anywhere, it seems to execute > rkcheck/tests/

Re: has my 10.1-RELEASE system been compromised

2015-02-25 Thread Joseph Mingrone
Philip Jocks writes: > it felt pretty scammy to me, googling for the "worm" got me to rkcheck.org > which > was registered a few days ago and looks like a tampered version of > chkrootkit. I > hope, nobody installed it anywhere, it seems to execute > rkcheck/tests/.unit/test.sh which contains >

Re: has my 10.1-RELEASE system been compromised

2015-02-25 Thread Philip Jocks
> On 25.02.2015 at 21:25, Joseph Mingrone wrote: > > Philip Jocks writes: >> are those the only lines they sent you? Weirdly, we got a report like this >> today >> as well with the first (out of 8) sample line showing the exact time stamp >> (23/Feb/2015:14:53:37 +0100) and the exact query st

Re: has my 10.1-RELEASE system been compromised

2015-02-25 Thread Joseph Mingrone
Matt Donovan writes: > On Feb 25, 2015 2:05 PM, "Joseph Mingrone" wrote: >> >> Jung-uk Kim writes: >> >> > On 02/25/2015 14:41, Joseph Mingrone wrote: >> >> This morning when I arrived at work I had this email from my >> >> university's IT department (via email.it) informing me that my host >>

Re: has my 10.1-RELEASE system been compromised

2015-02-25 Thread Walter Hop
On 25 Feb 2015, at 20:41, Joseph Mingrone wrote: > > "Based on the logs fingerprints seems that your server is infected by > the following worm: Net-Worm.PHP.Mongiko.a" > > my ip here - - [23/Feb/2015:14:53:37 +0100] "POST > /?cmd=info&key=f8184c819717b6815a8b8037e91c59ef&ip=212.97.34.7 HTTP/1.1

Re: has my 10.1-RELEASE system been compromised

2015-02-25 Thread Philip Jocks
> On 25.02.2015 at 21:04, Joseph Mingrone wrote: > > Jung-uk Kim writes: > >> On 02/25/2015 14:41, Joseph Mingrone wrote: >>> This morning when I arrived at work I had this email from my >>> university's IT department (via email.it) informing me that my host >>> was infected and spreading a

Re: has my 10.1-RELEASE system been compromised

2015-02-25 Thread Joseph Mingrone
Philip Jocks writes: > are those the only lines they sent you? Weirdly, we got a report like this > today > as well with the first (out of 8) sample line showing the exact time stamp > (23/Feb/2015:14:53:37 +0100) and the exact query string > (/?cmd=info&key=f8184c819717b6815a8b8037e91c59ef&ip=21

Re: has my 10.1-RELEASE system been compromised

2015-02-25 Thread Matt Donovan
On Feb 25, 2015 2:05 PM, "Joseph Mingrone" wrote: > > Jung-uk Kim writes: > > > On 02/25/2015 14:41, Joseph Mingrone wrote: > >> This morning when I arrived at work I had this email from my > >> university's IT department (via email.it) informing me that my host > >> was infected and spreading a

Re: has my 10.1-RELEASE system been compromised

2015-02-25 Thread Joseph Mingrone
Jung-uk Kim writes: > On 02/25/2015 14:41, Joseph Mingrone wrote: >> This morning when I arrived at work I had this email from my >> university's IT department (via email.it) informing me that my host >> was infected and spreading a worm. >> >> "Based on the logs fingerprints seems that your se

Re: has my 10.1-RELEASE system been compromised

2015-02-25 Thread Jung-uk Kim
On 02/25/2015 14:41, Joseph Mingrone wrote: > This morning when I arrived at work I had this email from my > university's IT department (via email.it) informing me that my host > was infected and spreading a worm. > > "Based on the logs fingerprint