Found, a new rootkit
ekrack at sigecom.net
Tue Apr 4 01:43:13 UTC 2006
> In doing some checking of a web server, we found an irc port open on
> 31377, one of the black hatters favorites. A port that portsentry was
> supposed to be rejecting but wasn't.
Why would your web server be write-able?
Configure Secure Defaults:
Deny from all
Allow from all
Just my 2 cents.
More information about the users