[clug] Security: RoundCube Webmail Exploit
Andrew Janke
a.janke at gmail.com
Sat Apr 25 03:45:54 GMT 2009
> took a bit of poking around to figure out that a rootkit / password
> cracker / SSH scanner had been installed via Roundcube. Not so much
> fun.
>
> I use mon[1] on that server to monitor some key processes. Does anyone
> know how to configure mon to monitor CPU load or an abnormal number of
> running processes owned by root / www-data and the like?
Or on this note a more general root-kit "scanner" for web-connected machines?
a
More information about the linux
mailing list