Matt Mets said: >> Affected systems will need to be wiped and have the OS >> reinstalled, in most cases. > > um, this would be affected systems that didnt know how to set their > web server permissions correctly i assume? you think that any decent > install would do that... ill check the gentoo tonight (which would > probably have been patched a long time ago anyway), but it doesnt seem > to make a whole lot of sense to me. > > I mean come on, you dont have to reinstall an os to do this stuff... > thats crazy talk. This is unix, man, there isnt a registry to screw > up... just reinstall the frigging webserver if you have to. > The problem is that the worm installs a back door on the computer, allowing full remote access to one who knows it is there. Unless you then have tripwire or some other way to prove that no one has been using that back door, the only want to get to a known, secure state is to re-install from scratch. Personally, I think any box found with a back door installed needs to be reformated. That's the only way I could be confident it is not compromised. Alan --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss