-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/10/07 11:53, Fran wrote: > I've been told by my ISP that my sarge webserver (only port 80 open, all > software up to date) is spewing traffic they're calling IRC_nick, which > is apparantly some sort of IRC bot.
"IRC_nick" is really ambiguous. What port do they say it's coming from? I'd also suggest you have a trustworthy friend do a thorough nmap of your system. > I'm unable to locate the file/files that are infected. Additionally, I > can't see the process/processes for the bot when it's running. > > chkproc -v does reveal some hidden procs, but before I can kill them, > they seem to go away. > > chkrootkit/rkhunter don't seem to see anything either. > > Any other suggestions? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFpT3MS9HxQb37XmcRAqAjAKDImKndXJu8AWKXd9zUM/lDVYIk9gCglMyk vs1DSU50/AvTf8UI+jSRIRE= =VBOu -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
