LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
Reload this Page phpbb worm infecting other server
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 12-25-2004, 09:53 PM   #1
chadi
Member
 
Registered: Aug 2004
Posts: 96

Rep: Reputation: 15
phpbb worm infecting other server

I received an email from anonymous...

"A worm using a phpbb vulnerability is trying to infect my system coming from IP xx...."

Well, I ran rkhunter and chkrootkit and both came back fine. Are there any others I can run to check for such a worm?

Specs:
RHE 3.3
Cpanel 9.9.9 R-14
PHP v 4.3.1.0


I believe the worm is running as nobody. I did notice a high load in server status for nobody user.

Code:
User Domain %CPU %MEM Mysql Processes 
nobody  95.24 14.34 0.0 
Top Process %CPU 96.3 /hsphere/shared/apache/bin/httpd -DSSL 
Top Process %CPU 96.2 /hsphere/shared/apache/bin/httpd -DSSL 
Top Process %CPU 96.0 /hsphere/shared/apache/bin/httpd -DSSL
Kernel Info:
Linux server.myserver.com 2.4.21-4.0.1.ELsmp #1 SMP Thu Oct 23 01:27:36 EDT 2003 i686 i686 i386 GNU/Linux
Please give me a hand here.
 
Old 12-25-2004, 10:44 PM   #2
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,290

Rep: Reputation: 378Reputation: 378Reputation: 378Reputation: 378
Are you running an older version of phpBB? If so, there is a remote code execution vulnerability. I don't think that the worm tries to get root on the system though, so it's likely that things like rkhunter wouldn't detect anything it does. In any case, I found this link which may help you see if one of your Web sites is infected.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Worm.SomeFool.Q marsques Linux - Security 2 12-20-2004 01:26 AM
Is this a virus / worm? rioguia Linux - Security 1 11-17-2004 05:22 PM
Worm on Linux? :O Cdzin Linux - Security 7 03-10-2004 04:51 PM
beat the worm!!!! engnet Linux - Networking 14 01-27-2004 02:18 PM
Slaper worm FredrikN Linux - Security 5 09-17-2002 03:44 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 10:59 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration