Security Basics
Re: Huge hidden process and port in Linux server Aug 20 2013 12:04PM
J B (bakshi12 gmail com) (1 replies)
Re: Huge hidden process and port in Linux server Aug 20 2013 02:05PM
Ian McBeth (micro network-ops ca)
would do what has been suggested to you already ... format and
re-install .... seriously (restore from a CLEAN backup) the last part
there is tremendously important ...

Ian~

On 08/20/2013 06:04, J B wrote:
> Thanks a lot to all of you for your responses.
> I have just rebooted my local box and 2 days after that,
> it doesn't attempt any attempt to ssh the remote box.
> After then it again has started to log into the remoet
> box with the right users and with a pubkey. Actually I
> loginto the remote box with pubkey and somehow the hidden
> process learn that !!!
>
> I really don't know how to stop this :-(
>
>
>
> On Thu, 8 Aug 2013 09:46:41 +0800
> "Tyler Chen (FairLine)" <tyler.chen (at) fairline.com (dot) tw [email concealed]> wrote:
>
>> Maybe it's not a hidden process? Have you checked last logon records?
>> Any
>> unauthorized logon? See anything interesting with netstat -anop ?
>>
>> Best regards,
>> Tyler
>> 2013/8/7 ��6:56 � "J B" <bakshi12 (at) gmail (dot) com [email concealed]> 寫��
>>
>> > Hello list,
>> >
>> > I have got a problem that my server is continuously doing ssh attack on a
>> > remote server (which I also work
>> > time to time). My local linux server is attacking the remote linux box
>> > with the same remote user name
>> > with pubkey. I also investigate the remote box and find same.
>> >
>> > I install rootkinhunter, chkrootkit and unhide in my local linux box.
>> > Both rootkinhunter, chkrootkit provide a clean report but "unhide brute"
>> > has found a lots of Hidden process and unhide-tcp finds some hidden port
>> > time to time. Please suggest how can I investigate further to identify
>> > the process causing the trouble and how to disinfect my box.
>> >
>> > Thanks
>> >
>> > ------------------------------------------------------------------------

>> > Securing Apache Web Server with thawte Digital Certificate
>> > In this guide we examine the importance of Apache-SSL and who needs an SSL
>> > certificate. We look at how SSL works, how it benefits your company and
>> > how your customers can tell if a site is secure. You will find out how to
>> > test, purchase, install and use a thawte Digital Certificate on your Apache
>> > web server. Throughout, best practices for set-up are highlighted to help
>> > you ensure efficient ongoing management of your encryption keys and digital
>> > certificates.
>> >
>> >
>> > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
>> > ------------------------------------------------------------------------

>> >
>> >
>
>
> -----------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an
> SSL certificate. We look at how SSL works, how it benefits your
> company and how your customers can tell if a site is secure. You will
> find out how to test, purchase, install and use a thawte Digital
> Certificate on your Apache web server. Throughout, best practices for
> set-up are highlighted to help you ensure efficient ongoing management
> of your encryption keys and digital certificates.
>
>
>
>
>
>
>
>
> www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
>
> -----------------------------------------------------------------------

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus