Security Incidents mailing list archives
Ramen
From: Matthew Roley <matt () babelmedia com>
Date: Mon, 22 Jan 2001 12:11:15 -0000
Hi there, I was wondering if you can help me (...please :)). One of our RedHat 6.2 servers was hit this morning with Ramen. I've cleaned it out using the documented procedure but there's still a lingering problem which seems related. The hosts.allow and hosts.deny files on the server have been completely locked and cannot be changed, removed, chmoded even with superuser access. This doesn't seem documented anywhere but I can't think of any other cause (this problem did not occur before the infection). Any help or advice you can give would be (very) greatly appreciated. Thanks. Matt ...................... Matthew Roley (Web Developer) Babel Media Ltd. Unit 11-12 Hove Business Centre Fonthill Road Hove East Sussex BN3 6HA Tel: +44 (0)1273 764 120 Fax: +44 (0)1273 732 278 matt () babelmedia com