- Posted on
January 31, 2006, 2:43 pm
as failure to mount floppy disks, failure to eject the cdrom
drive. At least these are the ones that caught our attention. Nobody has
physical access to the server, and nobody that has root access has
tried to do either of the above. Somewhere along the line I found modprobe in
one of the error messages.
I made a wrapper for the modprobe command (in the attachment).
Randomly (maybe once every other day), I actually get email from this script
(also in the attachment).
I am extremely concerned about this because it appears that modprobe is being
run by the web server (as root, nonetheless).
I cannot think of anything that would rationalize apache running modprobe.
Any ideas on what may have caused this? (PS. The timing is not consistent, and I
don't see anything in cron that would do this.)
And in a worst case scenario: if this is a real break-in, what can I do to
catch the user in the act?