Server hacked?

NoOp glgxg at
Tue Jan 1 22:48:47 UTC 2008

On 01/01/2008 02:00 PM, Joris Dobbelsteen wrote:

> The box has PostFix, PowerDNS, Apache2 and SSH exposed to the Internet.
> Unfortunally its connected to the single LAN segment I have at home.
> Fortunally I have a strict firewall that doesn't allow IRC out (I don't
> use it, so I do not need to allow it).
> tcp        0      1 192.168.10.xx:60278
> SYN_SENT   15412/[kjournald]
> [trusted entries removed]

You have been hacked. There are a variety of trojans (linx related) that
use port 6667:

Is the system fully updated with all the recent Ubuntu patches/updates?
If so, you may want to contact the Ubuntu security team to let them know
and have them take a look.
[remote IRC servers can execute arbitrary commands]

More information about the ubuntu-users mailing list