Am Mit, 2002-12-25 um 09.57 schrieb Dirk Kutsche:
Hi Sven,
Sven 'Darkman' Michels schrieb:
looks like a backdoor. Check if any port is open on your box who souldn't be there.
The standard security-check mailed me: * Changes (+: new entries, -: removed entries): + bi wwwrun TCP *:4000 (LISTEN) + bi wwwrun TCP *:443 (LISTEN) + bi wwwrun TCP *:80 (LISTEN)
It looks like a second process is listening at 443/80 -- because apache incl. ssl worked fine.
Huh? Since when can a port be used twice? I'd say "bi" is a tronjaned version of apache and the original apache isn't running at all. -- Matthias Hentges Cologne / Germany [www.hentges.net] -> PGP welcome, HTML tolerated ICQ: 97 26 97 4 -> No files, no URL's My OS: Debian Woody: Geek by Nature, Linux by Choice