Mystery infestation strikes Linux/Apache Web sites
Posted by: Anonymous on January 25, 2008 02:28 PM
'If it finds invalid MD5 checks for those files, replace them, reboot the server, and you are done'
Yeah, no, not so much.
You haven't even looked to see if a new service has been added, a new privileged account added, or some other back door installed. It's easier and simpler to make a copy of your configuration files and reinstall the system from scratch. Actually, it'll take less time than booting your liveCD and verifying the MD5 sums.