[clug] Security: RoundCube Webmail Exploit

[Andrew Janke]

> took a bit of poking around to figure out that a rootkit / password
> cracker / SSH scanner had been installed via Roundcube. Not so much
> fun.
>
> I use mon[1] on that server to monitor some key processes. Does anyone
> know how to configure mon to monitor CPU load or an abnormal number of
> running processes owned by root / www-data and the like?

Or on this note a more general root-kit "scanner" for web-connected machines?


a