Most likely the reboot will clear out user mode worms, since they
don't actually compromise the system, just the user. The worm would
have needed to compromise the system itself to write any startup
files. Though many bad applications wonk permissions on
/Library/StartupItems. All user files should be scrutinized so that they
don't have any login startup items that will restart it.

Thanks for the advice, Dan. As I mentioned to a couple of folks
off-list, it would be politically difficult to take down the server and
wipe/install, although it could be done if really necessary. For now,
simply removing the build of PsyBNC and the file stuck in /tmp seems
to have cleared up the problem. In the meantime, I'll continue
scanning the machine and users, plus monitor it, and should any other
funny business manifest, I'll force the client to let me rebuild the
box from scratch. <sigh>
Ted
--
Group D Communications
Technology Consulting -- IT, Databases, Software, Websites, Hosting
www.groupd.com
PH 415.701.8331
FX 415.701.8332
P.O. Box 170697
San Francisco, CA 94117-0697