Forum Moderators: bakedjake


infected with the "suckit" rootkit

         

Robber

12:42 pm on Apr 13, 2004 (gmt 0)

10+ Year Member



Hi,

Just discovered our SuSE Linux 8.1 server is infected with the suckit rootkit. The first symptom I noticed was web pages hosted on the server containing an additional line of code pulling in either JavaScript or an iframe.

We've been advised to basically start again with a complete new install.

Just wondered if anyone else had gone through this or had any advice relating to this matter.

What seems worrying is that after searching for a while there seem to be quite a few posts on other forums suggesting that even the most up-to-date, patched machines have, in the past, been compromised. What's the best way to make sure you are as secure as possible?

Cheers

bcolflesh

12:43 pm on Apr 13, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



> We've been advised to basically start again with a complete new install.

Good advice.

Robber

12:46 pm on Apr 13, 2004 (gmt 0)

10+ Year Member



Just another note relating to the above: assuming we go ahead with the complete new install (which looks likely), I was wondering what people's favourite setups are in terms of security and speed/performance when choosing which version of a particular product to install. Requirements would basically be any LAMP configuration.

So to re-phrase that and make it a bit clearer hopefully (!), what versions of the following do you think make the best combination:
* Linux
* Apache
* MySQL
* PHP

Cheers