Re: Weird login, possibly related to rootkit Q



On Friday 24 February 2006 14:04, Benjamin LaHaise wrote:
> On Thu, Feb 23, 2006 at 01:21:07AM -0500, Gene Heskett wrote:
> > So we did a reinstall (rh9) without formatting because there was a
> > lot of non-replaceable data on it. This also saved the logs, but
> > they are obviously not a lot of help when about 5 hours is missing
> > at about the time everything went to hell.
>
> Let's get this straight: your old Linux distro got rooted, so you
> installed an old Linux distro that no longer gets security updates to
> replace it. Why is that kernel related? Sounds more like pebkac.

The version of php in the newer distros is not backwards compatible and
breaks most of the scripts used by the web page server (this box is its
database) and that would require a lengthy rewrite of the php stuff on
both machines, so the re-install of rh9 was the perceived easiest way
out. It's a commercial business whose web page gets 20k+ hits a day &
downtime shouldn't be extended 2-3 days while re-writing all of that
as it took around 2 weeks to do it all originally. Then at the end of
the install, we edited the yum.conf to use the legacy servers and let
it install/upgrade everything, a Gigabyte or so.

Had the php for say FC4 been backwards compatible, then obviously we
would have taken a different path. I don't think the yum.conf had been
updated or installed even before this, and apt-get had, with its old
paths in its config, also quit working quite some time back.

OTOH, if it gets hit again, then obviously we'll go to a newer distro
and re-write the scripts. It may even be time for Jim to learn how to
use sed, and just globally replace the old with the new for each
command. But he's busy too, just having been handed responsibility for
a bunch of G5's doing editing in news. Too busy IMO, which is why I
'came out of retirement' long enough to give him a hand & point
directions to take while recovering.

> -ben

--
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules. I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.