[sf-lug] Hacked RHEL4/PHP4 server
Kristian Erik Hermansen
kristian.hermansen at gmail.com
Thu May 22 11:02:15 PDT 2008
On Thu, May 22, 2008 at 10:47 AM, Rick Moen <rick at linuxmafia.com> wrote:
> Yes, of course. There are standard rootkits that do that. That's why the
> only truly sound way to examine a suspect system is to boot different,
> trusted media and mount the system's filesystems without running its
> code -- but good luck doing that on a virthost.
/me wonders if a clever attacker could corrupt the infected file
system in such a way that when mounted on the "clean" system, it also
becomes infected :-)
--
Kristian Erik Hermansen
--
"When you share your joys you double them; when you share your sorrows
you halve them."
More information about the sf-lug
mailing list