[TriLUG] I've got intruders!!
ian at trilug.org
Tue May 16 07:52:03 EDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
> are you running any php scripts? ive seen this happen on my box once..
> Theres a nasty css vulnerability in horde and other php apps which can be exploited easily.
As Jason said, it was more than likely from a zombie box, scanning
webservers for $some_webapp with a well known vulnerability, using it to
download a backdoor of some sort, and then spamming spammy spam. Either
that, or you had a bad ssh username/password, and a zombie found that.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v18.104.22.168 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the TriLUG