Can You Interpret This Hacker's Script?

Stuart Jansen sjansen at
Thu Oct 1 12:24:07 MDT 2009

On Thu, 2009-10-01 at 12:21 -0600, Kimball Larsen wrote:
> I also ran chkrootkit and rkhunter - both came back clean, so I don't  
> think the box has been p0wn3d.

As always, you have to ask yourself how lucky you feel. While this might
appear to be clumsy and failed attack, what you've found so far could
just be a diversion.

The old advice "the only way to be sure is to reinstall" still applies.
If this is a personal server, it might not be worth it. If this box is
on a privileged part of your work network, or has sensitive data, it's
definitely worth being sure. 

"XML is like violence: if it doesn't solve your problem, you aren't
using enough of it." - Chris Maden

More information about the PLUG mailing list