Found, a new rootkit

Edward Krack ekrack at
Tue Apr 4 01:43:13 UTC 2006

Gene Heskett:

> In doing some checking of a web server, we found an irc port open on
> 31377, one of the black hatters favorites.  A port that portsentry was
> supposed to be rejecting but wasn't.

Why would your web server be write-able?

Configure Secure Defaults:

<Directory />
        Order Deny,Allow
        Deny from all
<Directory /path/to/html/docs>
        Order Allow,Deny
        Allow from all

Just my 2 cents.


More information about the users mailing list