Got my box hit today something to do with vadimII

Message

Slynix · Post by **Slynix** » Sat Mar 12, 2005 4:48 pm

Damn suddenly today I get a call. At my second work we have 50mbit line and like 3 C ipadress networks. Everything was unreachable. I was there pretty fast and after some minuts I could confirm that the only linux computer there was causing this problem. Iv been having work in another place etc and havent had time to update the machine. Feels bad sense Iv always preached about Internet security and how Gentoo linux can be very secure. Sense I had some restrictions I felt pretty ok letting it be for the moment. It now has backfired on me and being a more frequent updater could have prevented this. Strange how this little useless machine could cause so much trouble.

I havent had the time to scan trought all logs and backup of logs etc but ill get into it more soon. What appeared to me was that the computer was flooded and I had a few processes called vadimII which Iv heard isnt good.

I could be able to see traces theyv erased sense I have a backup system for the machine which run on daily basis.

Found this post on gentoo: http://forums.gentoo.org/viewtopic-t-26 ... dimii.html

Slynix · Post by **Slynix** » Sat Mar 12, 2005 8:00 pm

seems im not rootkitted because of chk does return anything about it but who knows.. :/

Anyways i think its done with safe_mode = off in php.ini and theyv made something with php :/