Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: NickR on March 19, 2004, 09:34:15 PM

Title: E-smith 5.1.2 compromised with psyBNC rootkit
Post by: NickR on March 19, 2004, 09:34:15 PM

Just a heads-up for anyone still using 5.1.2

I have had 2 reports in the last week of fully patched 5.1.2 servers being compromised and turned into IRC anonomizers using the psyBNC rootkit.

Unfortunately, one of the machines was re-formatted before any forensics could be done.  However the other one is still intact & I will hopefully be getting the disk next week.

I will report back here if I can discover exactly how the box was compromised.

Title: Re: E-smith 5.1.2 compromised with psyBNC rootkit
Post by: Anonymous on March 22, 2004, 11:27:34 AM

Could you tell us how you found out? Is there something we should be looking out for?

-- Jason