  1. #11
    Linux Engineer
    Join Date
    Mar 2005
    Location
    Where my hat is
    Posts
    766

    Can't take it off line? Very irresponsible.

    There are no guarantees that your system is clean, even after running packaged programs that supposedly clean your PC.

    As Flatline already stated earlier in this thread, the ONLY way you will know you have a clean installation is to repartition, reformat, and reinstall the system. Period. To do anything else is just plain, well, for lack of a better word, stupid.
    Registered Linux user #384279
    Vector Linux SOHO 7

  2. #12
    Just Joined!
    Join Date
    Feb 2004
    Location
    Indonesia
    Posts
    84
    Take it easy, retired1af. This server I manage is running some small web hosting;
    of course I can't go offline for a while (I can get more anger from customers).

    But I found that the suckit rootkit binary on mine is under
    /usr/X11R6/bin/.httpd/

    Hey, I found it after doing
    #locate sniffer
    /usr/X11R6/bin/.httpd/.sniffer

    You may try this link I found: http://hepwww.rl.ac.uk/sysman/april2...dentReport.ppt
    Because Google is very kind, you may also try this HTML page:
    http://64.233.183.104/search?q=cache...ient=firefox-a
    or just type "remove suckit rootkit" as the query.

    Thanks for your support.

  3. #13
    Linux Engineer
    Join Date
    Mar 2005
    Location
    Where my hat is
    Posts
    766


    How do you know that the kit isn't the only thing on there? Blunt answer. You don't. Your system has been compromised. And I guarantee your customers will be far more upset and angry if they knew you were running a compromised box.
    Registered Linux user #384279
    Vector Linux SOHO 7

  5. #14
    Linux User
    Join Date
    Feb 2005
    Posts
    290
    Save your time and do the 3R instead of searching around for a solution,
    use a new root password after you've reinstalled your system,
    remember to update your system frequently with the latest patches from the distro vendor,
    stop using the root account with plain-text protocols like telnet, pop3, smtp, etc.,
    firewall your box properly,
    and disable unnecessary services to minimize the chances of being hacked.

    Good luck.

  6. #15
    Linux Newbie
    Join Date
    Nov 2004
    Posts
    239
    How would you tell if you have been infected by such a rootkit?

  7. #16
    Linux User (Krendoshazin)
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    471
    Quote (originally posted by dark_lord_kodd):
    How would you tell if you have been infected by such a rootkit?

    You can use a program called chkrootkit; you can get it here:
    http://freshmeat.net/redir/chkrootki...rootkit.tar.gz

    It checks your binaries for rootkit modifications
    http://web01.slackhost.net/~admin74/...chkrootkit.png
    and then checks for the existence of any worms or rootkits
    http://web01.slackhost.net/~admin74/...hkrootkit1.png
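
Added example (not part of any post in this thread, and not code from chkrootkit or Rootkit Hunter): a shell check for the kind of hidden directory post #12 found with `locate`, that is, dot-prefixed entries under directories that should hold only executables. The function names and the temporary demo tree are assumptions made for illustration; a kernel-level rootkit can hide entries from `find`, so an empty result does not prove the host is clean.

```shell
#!/bin/sh
# Added example: flag dot-prefixed entries in directories that should hold
# only executables. Helper names are hypothetical, not from chkrootkit.

# find_hidden_entries DIR...
# Print every file or directory under DIR whose name starts with ".".
find_hidden_entries() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue          # skip paths absent on this distro
        find "$dir" -xdev -name '.*' ! -name '.' ! -name '..' -print 2>/dev/null
    done
}

# scan_bin_dirs DIR...
# Print an "ls -ld" line (owner, mtime) per hit. Returns 1 on any hit, 0 if none.
scan_bin_dirs() {
    hits=$(find_hidden_entries "$@")
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits" | while IFS= read -r path; do
        ls -ld "$path"
    done
    return 1
}

# Demo on a constructed tree that mimics the layout reported in post #12.
# On a real host, pass /bin /sbin /usr/bin /usr/sbin /usr/X11R6/bin instead,
# using find and ls from read-only rescue media rather than the suspect disk.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/usr/X11R6/bin/.httpd" "$demo_root/usr/bin"
: > "$demo_root/usr/X11R6/bin/.httpd/.sniffer"   # constructed stand-in file
: > "$demo_root/usr/bin/ls"                      # ordinary, visible entry

if scan_bin_dirs "$demo_root/usr/X11R6/bin" "$demo_root/usr/bin"; then
    echo "no hidden entries found"
else
    echo "hidden entries found: treat the host as compromised"
fi
rm -rf "$demo_root"
```

The non-zero return on any hit lets the function drive a cron job or monitoring check that alerts only when something turns up.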

  8. #17
    Just Joined!
    Join Date
    May 2005
    Posts
    42
    Rootkit Hunter is another good one.
    http://www.rootkit.nl/projects/rootkit_hunter.htm

    Detection List:

    55808 Trojan - Variant A
    ADM W0rm
    AjaKit
    aPa Kit
    Apache Worm
    Ambient (ark) Rootkit
    Balaur Rootkit
    BeastKit
    beX2
    BOBKit
    CiNIK Worm (Slapper.B variant)
    Danny-Boy's Abuse Kit
    Devil RootKit
    Dica
    Dreams Rootkit
    Duarawkz Rootkit
    Flea Linux Rootkit
    FreeBSD Rootkit
    ****`it Rootkit
    GasKit
    Heroin LKM
    HjC Rootkit
    ignoKit
    ImperalsS-FBRK
    Irix Rootkit
    Kitko
    Knark
    Li0n Worm
    Lockit / LJK2
    mod_rootme (Apache backdoor)
    MRK
    Ni0 Rootkit
    NSDAP (RootKit for SunOS)
    Optic Kit (Tux)
    Oz Rootkit
    Portacelo
    R3dstorm Toolkit
    RH-Sharpe's rootkit
    RSHA's rootkit
    Scalper Worm
    Shutdown
    SHV4 Rootkit
    SHV5 Rootkit
    Sin Rootkit
    Slapper
    Sneakin Rootkit
    Suckit
    SunOS Rootkit
    Superkit
    TBD (Telnet BackDoor)
    TeLeKiT
    T0rn Rootkit
    Trojanit Kit
    URK (Universal RootKit)
    VcKit
    Volc Rootkit
    X-Org SunOS Rootkit
    zaRwT.KiT Rootkit

    and... some known/unknown sniffers, backdoors like:
    Anti Anti-sniffer
    LuCe LKM
    THC Backdoor

  9. #18
    Just Joined!
    Join Date
    Jan 2010
    Posts
    1
    good info, thanks!
