- 02-25-2010 #1 Linux Enthusiast
[SOLVED] ISP warning IRC bot / CentOS
My father got an interesting email from his ISP in which he was informed that they got a complaint from Undernet. Supposedly, there is an IRC bot operational at the IP address used by my father. The situation: my father is almost 65, does know how to use Linux, but not how to install or configure it. Of course I do that for him. He has one server and one desktop pc, both running CentOS 5.4.
Yes, all passwords are ones you should think about (user root does not use password root). The server runs in runlevel 3 without a user being logged in. And all incoming traffic is blocked by the modem/router, except for SSH, FTP and HTTP. Those ports are configured to go only to the server, not the desktop pc of course.
I have been doing some searching yesterday and found little about this on the internet (of course). So I checked all running processes and the .bashrc files for something strange. Nothing there either. Since my father doesn't know how to install software ("son, that's your job"), I figured it should be related to some plugin for Firefox. Some time ago, I installed Video Downloadhelper so that he could download movies from YouTube. That has been the only thing he could update himself (which happened several times since). Other software he uses that could be vaguely associated with "malware" would be a bittorrent client (from the DAG/Wiers repo) and newsreader PAN (also from DAG/Wiers) and Tamava (website not available at the moment).
We checked all plugins from Firefox and Thunderbird (compared to the ones running default on my system) and removed the rest (the YouTube videograbber and a default mime plugin). But I am not sure what else there is left to do. I read on the internet in several articles that malware these days also runs with a regular user account in /tmp (also checked and cleaned).
I must say that this whole business confused me. The ISP did not give more details (yet) as the helpdesk simply said "You got an email from the abuse team? That means your system is infected. Format and reinstall or run Stinger". When my father replied that he's using Linux, they simply said "Well, we do not support Linux." On my advice he replied to the "abuse" email asking for more details, but nothing has been heard.
Of course colleagues at work (you know, the ones using Windows) immediately started ranting on Linux. But I don't get this one. How can there be some sort of IRC bot?? Any ideas or suggestions?
- 02-25-2010 #2 Linux Enthusiast
Problem found...

It appeared that my father had three downloads through bittorrent running for some weeks. He had forgotten all about it.
So, problem solved.
** Mods: please feel free to remove this topic **
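
Added example, not part of the original thread: the checks described above (process list, .bashrc, /tmp) do not show which program is talking to the network, so this sketch groups established TCP connections from `netstat -tnp` by owning process. The sample output, the program name `btclient` and the IRC port set are constructed assumptions, not values from the posts.

```shell
#!/bin/bash
# Summarise established TCP connections per owning process.
# Input : `netstat -tnp` output on stdin (run as root so PID/Program is filled in).
# Output: "<pid/program> <connections> <distinct peers> <irc|->", one line per process.
# Assumption: 6660-6669, 6697 and 7000 are treated as conventional IRC ports.
summarise_conns() {
  awk '
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
      n = split($5, a, ":")                       # foreign address; last piece is the port
      port = a[n] + 0
      host = substr($5, 1, length($5) - length(a[n]) - 1)
      prog = $7                                   # PID/Program name column
      conns[prog]++
      if (!((prog, host) in seen)) { seen[prog, host] = 1; peers[prog]++ }
      if ((port >= 6660 && port <= 6669) || port == 6697 || port == 7000) irc[prog] = 1
    }
    END {
      for (p in conns)
        printf "%s %d %d %s\n", p, conns[p], peers[p], ((p in irc) ? "irc" : "-")
    }' | sort
}

# Constructed sample in the netstat -tnp layout (documentation-range addresses).
sample_netstat() {
  cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address        Foreign Address       State       PID/Program name
tcp        0      0 192.168.1.10:22      192.168.1.20:51234    ESTABLISHED 2101/sshd
tcp        0      0 192.168.1.10:40112   198.51.100.7:6881     ESTABLISHED 3310/btclient
tcp        0      0 192.168.1.10:40113   203.0.113.45:6667     ESTABLISHED 3310/btclient
tcp        0      0 192.168.1.10:40114   203.0.113.99:51413    ESTABLISHED 3310/btclient
tcp        0      0 192.168.1.10:40116   198.51.100.7:6882     ESTABLISHED 3310/btclient
tcp        0      0 192.168.1.10:40115   198.51.100.7:6889     TIME_WAIT   -
EOF
}

# Demo on the sample; on a live host use: netstat -tnp | summarise_conns
sample_netstat | summarise_conns
```

A process with many distinct peers, or one flagged `irc`, is the place to look first; the flag only means a remote port falls in the assumed range, not that the traffic is IRC.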


