Results 1 to 4 of 4
  1. #1
    Join Date
    Apr 2004

    Slapper worm attack twice!!!

    Hello All,
    When I checked my server's load ,it was in between 20-22.So when I checked the logs for possible reason I found too many proftpd requests times out from different ip addresses.
    Now I know that,some has scanned my ports,now when I cheked for any possible hacks on server I found some strange results:
    I found 4-5 lins saying :
    Bogus tcp line etc.. for at least 4-5 times and
    a strange line saying ..
    bogus Unix line once!!!
    then Its shows line saying ..
    possible Slapper worm infected ...
    Two days back when I checked for the same I have updated the faulty package
    namely openssl version .90b etc.
    I have applied this patch two days back....
    But now today again these line are showing up!!
    What should I do to stop this worm from infecting?Is there any method to clean infected files?

  2. #2
    Join Date
    Mar 2003
    California USA
    Well if you did not clean it out properly the first time there is a chance you can get it back.
    Steven Ciaburri | Proactive Linux Server Management -
    Managed Servers (AS62710), Server Management, and Security Auditing.

  3. #3
    Join Date
    Apr 2004
    Hello ,
    The proble is that I checked the /tmp folder it dosen't contain any .C file which si indication of infection.
    So how do I know what is infected on serevr?And how do I clean it?
    The only warning I got is in chkrootkit output..
    Please help!!!

  4. #4

    Have you thought about contracting some one to secure your servers?

    Steve from
    Huck from
    Mouse from

    Thank you.

    P.S. While I know some worms, rootkits, et all are easier to get rid of manually than others, I believe the safest route is to wipe the system, re-install the operating system, re-install all applications which need to be installed from source, and then restore from a backup made prior to the hack.
    Peter M. Abraham
    LinkedIn Profile

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts