[Gllug] Have I been compromised??
Tom Gilbert
tom at linuxbrit.co.uk
Mon Sep 2 07:07:47 UTC 2002
* omphe (omphe at keiko.demon.co.uk) wrote:
> Need some advice. My apache logs show a few entries from outside
> addresses, everything else coming from the localhost address. All
> outside requests have been responded to with 404's or 405's.
> Chkrootkit detected nothing. The history binary is in order. ps seems
> to be working fine. Have I been compromised?
>
> My inexperience tells me to reinstall, keeping only non-binaries in my
> backups. Need I clean off my windows partition as well? Not sure if
> I'm being paranoid or not.
Why do you think you've been compromised? Seeing external addresses in
your apache logs is pretty normal, after all =P
Lots of 404s or 405s is probably a code red attack or the unicode one,
which would only indicate a compromise if you were running IIS...
Tom.
--
.^. .-------------------------------------------------------.
/V\ | Tom Gilbert, London, England | http://linuxbrit.co.uk |
/( )\ | Open Source/UNIX consultant | tom at linuxbrit.co.uk |
^^-^^ `-------------------------------------------------------'
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list