Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 6th December 2011, 16:56
vmos vmos is offline
Member
 
Join Date: Nov 2008
Posts: 57
Thanks: 1
Thanked 0 Times in 0 Posts
Default General question about rootkits

Hello, we had a client server (Debian lenny, apache, mysql) infected with a rootkit (one of the sha ones) we pretty much abandoned the server and put the websites onto a new one rather than try and fix it. I've tried clearing rootkits before with limited success.

On this particular server there was a bash script that ran by a cron and dumped the databases into tar files on the server but outside of the webroot.

Now looking at the timestamps and such, I'm fairly sure that these files weren't accessed. But I was wondering if the attacker had the capability to access them?

A number of system files were changed (for example, the LS command was rewritten) Does that mean the attacker had our root password? Could they have nosed about the rest of the filesystem?
Reply With Quote
Sponsored Links
 

Bookmarks

Tags
debian, rootkit

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
mod_rewrite again and general question for adding it into apache-special xxfog Installation/Configuration 1 11th February 2010 12:25
General Question about hosting jcombs_31 General 3 12th January 2009 14:23
General Security Question mphayesuk General 4 1st September 2008 11:54
BIND server in ISPConfig general question... BorderAmigos Server Operation 7 26th July 2008 01:06
Proftpd stops and general install question JaJunk Installation/Configuration 6 10th May 2007 21:17


All times are GMT +2. The time now is 12:56.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.