Did you finally restore from backup or something? I didn't hear how you got it back up. You said it was in AZ or someplace far away. Just curious what got you to the point you could talk to the machine. These kind of stories are like trashy novels for geeks.
Brian Kelsay
Jonathan Hutchins <> 02/25/05 01:50PM >>>
I found a trojan running on my server today - rootedoor (http://vil.mcafeesecurity.com/vil/content/v_128116.htm).
Couldn't find much information about it on the web. If you know anything specific about it (not general speculation on rootkits, trojans, etc.), I would appreciate you sharing it with the list.
I detected it running as one of the last two processes listed by 'ps ax' just before a reboot to install a new kernel; the reboot seems to have eliminated all traces of it from the system.
I found a number of missing or corrupt Perl modules on the system, but that may not be related, it's an old system and I've had some Perl issues before.
This _is_ the system that suddenly lost all it's files Sunday night, so it could have been hacked before.