Security Basics mailing list archives

Re: Huge hidden process and port in Linux server


From: Ian McBeth <micro () network-ops ca>
Date: Tue, 20 Aug 2013 08:05:07 -0600

I would do what has been suggested to you already ... format and re-install .... seriously (restore from a CLEAN backup) the last part there is tremendously important ...


Ian~

On 08/20/2013 06:04, J B wrote:
Thanks a lot to all of you for your responses.
I have just rebooted my local box and 2 days after that,
it doesn't make any attempt to ssh the remote box.
After that it has again started to log into the remote
box with the right users and with a pubkey. Actually I
log into the remote box with pubkey and somehow the hidden
process learns that !!!

I really don't know how to stop this :-(



On Thu, 8 Aug 2013 09:46:41 +0800
"Tyler Chen (FairLine)" <tyler.chen () fairline com tw> wrote:

Maybe it's not a hidden process? Have you checked last logon records? Any
unauthorized logon? See anything interesting with netstat -anop ?

Best regards,
Tyler
On 2013/8/7 at 6:56 PM, "J B" <bakshi12 () gmail com> wrote:

> Hello list,
>
> I have got a problem that my server is continuously doing ssh attack on a
> remote server (which I also work on
> from time to time). My local linux server is attacking the remote linux box
> with the same remote user name
> with pubkey. I also investigated the remote box and found the same.
>
> I installed rootkit hunter, chkrootkit and unhide in my local linux box.
> Both rootkit hunter and chkrootkit provide a clean report but "unhide brute"
> has found a lot of hidden processes and unhide-tcp finds some hidden ports
> from time to time. Please suggest how I can investigate further to identify
> the process causing the trouble and how to disinfect my box.
>
> Thanks
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate.  We look at how SSL works, how it benefits your company and
> how your customers can tell if a site is secure. You will find out how to
> test, purchase, install and use a thawte Digital Certificate on your Apache
> web server. Throughout, best practices for set-up are highlighted to help
> you ensure efficient ongoing management of your encryption keys and digital
> certificates.
>
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>
>
