Type: Posts; User: unspawn; Keyword(s):

  1. Replies: 3, Views: 1,164

    [all variants] Re: Deleted file warnings - RKHunter

    The warning is there to notify you of just that: processes using deleted files. As RKH aims to be a generic useful post-op tool we can't cater for every exception and white list it by default. In...
  2. [ubuntu] Re: Ubuntu 16.04-Possible infection with Ebury- Operation Windigo installed

    For Ebury to work root-owned binaries need to be replaced. So next to the commands in documents you've read on Ebury / Windigo you should do basic comparison of binaries and hashes (using a known...
  3. [lubuntu] Re: chkutmp tty and utmp problem with chkrootkit

    No that's not how things work. And you can simply match the hashes of the concerning files against those of a pristine copy to verify it's not been tampered with. Not much, really. This happens...
  4. [lubuntu] Re: chkutmp tty and utmp problem with chkrootkit

    The processes are attached to a tty but no audit record was found in /var/run/utmp. Which is normal behaviour for processes that wait for a login to occur. (If you want to run some checks verify...
  5. Replies: 5, Views: 721

    Re: Resume cracked by Tor users

    It's CryptoWall (http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information) which only runs on the Other OS, not Linux.
  6. Replies: 3, Views: 787

    [ubuntu] Re: Worried about rootkit hunter results

    They may be cheap to rent services from but I'm sorry to say by their actions they're security-wise not the hosting company you're looking for. Nobody in their right mind "cleans" root compromises,...
  7. Replies: 3, Views: 532

    [ubuntu] Re: Rkhunter public key ?

    Oh well search any of pgp.mit.edu, subkeys.pgp.net or hkps.pool.sks-keyservers.net for "0xea5f4cd3a65f5e17" then.
  8. Replies: 3, Views: 532

    [ubuntu] Re: Rkhunter public key ?

    As the documentation says: please consider checking the README, FAQ and the rkhunter-users mailing list archives. From the latter: 'gpg --keyserver subkeys.pgp.net --search 26447505', 'gpg...
  9. Re: 12.04 Server exploit Trying to clean before proceeding.

    And rightly so. As I said here: http://ubuntuforums.org/showthread.php?t=2226673&p=13089606#post13089606 this is a root compromise. Act immediately and decisively and ditch the idea of "fixing" or...
  10. Replies: 2, Views: 414

    No!

    Then with all due respect you haven't been paying attention: that was a root exploit. So that required immediate and decisive action. You should have isolated the machine, backed up whatever personal...
  11. Thread: "Jun" hack

    by unspawn
    Replies: 39, Views: 6,137

    Re: "Jun" hack

    If that was a conclusion based on facts, meaning having reviewed events, time line and evidence, that would make sense. If you haven't, what purpose would speculating serve? How would it, with all...
  12. Thread: "Jun" hack

    by unspawn
    Replies: 39, Views: 6,137

    Re: "Jun" hack

    That indeed would be convenient eh? Getting access to all your fellow forum members data like /etc/shadow, SSH private keys, any correspondence, etc, etc... Are you in any way familiar with Privacy...
  13. Thread: "Jun" hack

    by unspawn
    Replies: 39, Views: 6,137

    Re: "Jun" hack

    While names don't mean anything at this stage both .lod reminded me of BillGates botnet... See if you can find more anomalous files and check your logs as well (all log files). If you want to run...
  14. Replies: 8, Views: 2,869

    Re: Block countries IP

    I agree a well thought out access policy should be at the basis of this. And if requirements allow it white listing is easier to manage and less reactive and therefore more efficient. Iptables rules...
  15. Replies: 16, Views: 3,459

    [ubuntu] Re: Strange process

    This may or may not be related but since you didn't post any verification results and error output there is not much one can say about this... As I said in my previous post...
  16. Replies: 3, Views: 545

    [ubuntu] Re: Various problems: chkrootkit, aide

    IIRC Chkrootkit sends output to stdout, meaning you have to send it to whatever destination yourself. If that's due to what I wrote about above then try '/usr/sbin/chkrootkit >...
  17. Re: chkrootkit bindshell udp 47017 false positive???

    No it isn't. (Apart from the fact some people thinking personal experience equals whatever happens on the 'net right now) traditional root kit usage simply has been dwindling for years now. Like...
  18. Re: chkrootkit bindshell udp 47017 false positive???

    Well it's this boards security forum so... Chkrootkit may not show the Process Id in its output but that's what you should be looking for, because most of the time a process using networking will...
  19. Replies: 16, Views: 3,459

    [ubuntu] Re: Strange process

    That's what I said already, please act accordingly. There's three servers discovered with this software in this thread alone. And there's many more servers on the 'net poorly maintained or left...
  20. Replies: 16, Views: 3,459

    [ubuntu] Re: Strange process

    See the "flush" process to check in the OP's post and the list of files to check for in my earlier post. If you find those files and processes then they're run by root. Which means a root...
  21. Replies: 23, Views: 2,171

    Re: The Issue of Anti-Virus Scanners

    That may be the case for amateur machines safely tucked away behind non-port-forwarding CPE (also saying "weak passwords" suggests somebody here isn't adhering to SSH best practices like using only...
  22. Replies: 23, Views: 2,171

    Re: The Issue of Anti-Virus Scanners

    One portion of Linux users aren't aware they're using Linux. More importantly, if you look at the amount of spam, malware hosting and scanning that comes from compromised machines at resellers and...
  23. Replies: 23, Views: 2,171

    Re: The Issue of Anti-Virus Scanners

    With all due respect but that's not true. Bittorrent clients don't execute torrent contents you download or upload. *If you meant actually trying to use what you download then that's absolutely not...
  24. Replies: 13, Views: 19,971

    Re: Possible virus? Process 'bioset'

    Ha! Thanks for the clue. See: http://lxr.free-electrons.com/ident?i=bio_set ("bio" as in "block I/O").
  25. Replies: 13, Views: 19,971

    Re: Possible virus? Process 'bioset'

    Yeah sorry, that was a formatting fsckup the commands should indeed be run separately. Which post do you mean? The reflex should be to gather nfo. Now you've got some commands for next time. ...
Results 1 to 25 of 250