[clug] Security: RoundCube Webmail Exploit

Andrew Janke a.janke at gmail.com
Sat Apr 25 03:45:54 GMT 2009

> took a bit of poking around to figure out that a rootkit / password
> cracker / SSH scanner had been installed via Roundcube. Not so much
> fun.
> I use mon[1] on that server to monitor some key processes. Does anyone
> know how to configure mon to monitor CPU load or an abnormal number of
> running processes owned by root / www-data and the like?

Or on this note a more general root-kit "scanner" for web-connected machines?


More information about the linux mailing list