last -i doesn't show any unusual activity. rkhunter didn't give specific info about the mod, just that something had changed, and it probably had to do with some tinkering with mysql. When I ran rkhunter again today, it didn't show anything wrong. Pretty sure I inserted a new mod since last time I ran rkhunter. Not worried about it.
I don't think anybody could establish a remote xsession unless they could figure out a way to do it through... well, let's not give them any ideas.
But as long as we're on the subject of security. This morning at 4:17, I got an email from
winvn@news.ksc.nasa.gov
Subject: Hello,info,japanese girl VS playboy
Message: Content-Type: application/octet-stream;
name=jill stack@fastclick[1].txt
Content-Transfer-Encoding: base64Content-ID: <ZwF6s9780575W39tY94>cGx1dG8KNzM2MzgzMzI4fDB8ZTE0YTI5MmEtM
Tg5NC00YTUzLWE2ZmEtOTliM2IyMjk1YmM3fApmYXN0Y2xpY2submV0Lw
oxMDI0CjM4OTcwNzIzODQKMjk4Mzg5MjEKNDA3NDg2NTgwOAoyOTcxMT
k3NwoqCj==
What the hell is that all about?