If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)

Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Virus Alert!

rogue-entity · 2005-12-04 15:55:15

This is a virus alert with a twist. One of the Linux servers that I maintain was infected with the "LINUX/PsychoFor" virus. The virus infected the machine through the webserver. The machine was running Debian Sarge, Apache 2.0.54 and PHP 5.0.1 The infection got worse when I restarted the server, the virus hyjacked port 80…

Options

04-12-2005 4:55pm

#1

rogue-entity

Registered Users Posts: 1,647 ✭✭✭

Join Date: July 2005

Posts: 1569

This is a virus alert with a twist.
One of the Linux servers that I maintain was infected with the "LINUX/PsychoFor" virus. The virus infected the machine through the webserver. The machine was running Debian Sarge, Apache 2.0.54 and PHP 5.0.1

The infection got worse when I restarted the server, the virus hyjacked port 80 and setup a backdoor. The system has been restored from a backup and all is now well. I would suggest that anyone using these software versions, apply the latest security patch.

Will this may be the first time many of you have ever heard tell of Linux servers getting hacked, it does happen although rarely. Look out for files/services called "caralho"

0

Comments

Options
#2 05-12-2005 6:15pm
Martyr

Closed Accounts Posts: 1,567 ✭✭✭

Join Date: November 2001

Posts: 1391

You're lucky it wasn't something more sophisticated, like a rootkit.

0