[sf-lug] Hacked RHEL4/PHP4 server

Kristian Erik Hermansen kristian.hermansen at gmail.com
Thu May 22 11:02:15 PDT 2008

On Thu, May 22, 2008 at 10:47 AM, Rick Moen <rick at linuxmafia.com> wrote:
> Yes, of course.  There are standard rootkits that do that.  That's why the
> only truly sound way to examine a suspect system is to boot different,
> trusted media and mount the system's filesystems without running its
> code -- but good luck doing that on a virthost.

/me wonders if a clever attacker could corrupt the infected file
system in such a way that when mounted on the "clean" system, it also
becomes infected :-)
Kristian Erik Hermansen
"When you share your joys you double them; when you share your sorrows
you halve them."

More information about the sf-lug mailing list