I haven’t seen this hit the mainstream press, or Slashdot, or anywhere yet. It could be some obvious hole missed while configuring these Red Hat 7.3 boxes, but I’m worried. 8 Red Hat 7.3 boxes were broken into and rooted. John doesn’t know how they were cracked and almost missed it, but thinks it might be a worm mentioned in Phrack a while back.
I checked my own Red Hat 7.3 boxes and they appear to be fine, but given the nature of the worm, it won’t be easy to find without shutting down first.
What version number of Apache? What version number of sshd?
As John mentioned in his mail, some were up-to-date RH7.3 boxes, some weren’t. He doesn’t know how the boxes were infected, although the Phrack article mentions a vulnerability in PHP. Another weblog bemoaned Red Hat for not updating their PHP RPMs, so that could be related.