False Positives

Oi, what a day. This morning I got my usual LogWatch report from the server and noticed that login attempts on the server have dropped. Looking back over the last few days, it seems that after a recent RH update I did they slowly dwindled: one day maybe 50, then 2, and yesterday 0. Wary that it might mean someone got in, I did the usual checks of the common rootkit download locations, all clear, then of course I had to check the status of the apps in place, and when I did that I got an "OMG" moment. Praying quickly, I looked over the backups, then switched back to the console that was doing the check.

I got a note that the following apps had bad MD5 sums (meaning they had been changed from the known version I should have). Needless to say I hit Google to see if anyone else had had the same popup, since everything else in the check came back fine apart from the usual complaints about the internal cPanel versions of things, which isn't odd. Turns out the definitions for the MD5 lists hadn't been updated: the latest RHE update I did was newer than the definitions. So it was a false positive.
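As an added example, not code from the original post or from whatever checker produced that popup: a small POSIX shell routine for exactly this situation. It verifies files against a saved md5sum baseline and, before calling a mismatch tampering, asks the package manager (rpm, assumed present on an RHEL/cPanel box) whether the installed package's own recorded hash agrees with the file on disk. A vendor update that landed after the baseline was taken then shows up as PACKAGE-OK instead of a scare. The paths and file contents in the demo are constructed.

```shell
#!/bin/sh
# Added example, not code from the original post. Verifies files against an
# md5sum baseline and cross-checks mismatches with rpm before reporting them.
set -u

# check_baseline BASELINE
#   BASELINE holds "<md5>  <path>" lines as written by `md5sum`.
#   For every file whose current hash differs from the baseline, prints
#   "<path> <verdict>":
#     PACKAGE-OK  rpm's own hash agrees with the file: the baseline is stale
#                 (e.g. a vendor update landed after it was taken), not tampering
#     TAMPERED    rpm also reports the file as modified
#     UNVERIFIED  rpm is missing or does not own the file; check by other means
#   Exit status: 0 all clear or only PACKAGE-OK, 1 any UNVERIFIED, 2 any TAMPERED.
check_baseline() {
  baseline=$1
  status=0
  while read -r expected path; do
    [ -n "$path" ] || continue
    actual=$(md5sum "$path" 2>/dev/null | awk '{print $1}')
    [ "$actual" = "$expected" ] && continue
    if ! command -v rpm >/dev/null 2>&1 || ! rpm -qf "$path" >/dev/null 2>&1; then
      echo "$path UNVERIFIED"
      [ "$status" -eq 2 ] || status=1
    elif rpm -Vf "$path" 2>/dev/null | awk -v p="$path" '$NF == p { f = 1 } END { exit !f }'; then
      # rpm -V lists only files that differ from the installed package's metadata,
      # so the path appearing in its output means rpm disagrees with the file too
      echo "$path TAMPERED"
      status=2
    else
      echo "$path PACKAGE-OK"
    fi
  done < "$baseline"
  return "$status"
}

# Demo on constructed files: a temp dir with one file that still matches the
# baseline and one that a "vendor update" rewrote after the baseline was taken.
# Neither is owned by any package, so rpm cannot vouch for it and the changed
# file is reported as UNVERIFIED.
demo_dir=$(mktemp -d)
printf 'original binary\n' > "$demo_dir/unchanged"
printf 'original binary\n' > "$demo_dir/changed"
md5sum "$demo_dir/unchanged" "$demo_dir/changed" > "$demo_dir/baseline.md5"
printf 'updated binary\n' > "$demo_dir/changed"
check_baseline "$demo_dir/baseline.md5"
```

Once a mismatch checks out as PACKAGE-OK, regenerate the baseline so the next run is quiet again. The rpm database lives on the same host as the files it describes, so for a real compromise investigation the comparison that counts is against hashes kept off-box or against the original package files, not against what the possibly-compromised machine says about itself.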

But I am still seeing a major drop in attacks. While that is a good thing, I'm still not entirely sure why it is happening, so I'm going to talk to the upstream tonight and see if their recent network tweaks have added any IP spoofing detection, as I know 2/3 of the attacks I get come from spoofed IPs. Time will tell.

Needless to say, though, I am tired today, a long night that bled into morning. Prayers are appreciated, as I am going to be watching this closely for a few days while I try to make sure the server is secure, upgrade some resources and tighten others, but so far it's all good. God is Good. Craziness :)

I need food. *wanders off*

Posted on 7 December '05 by Chuck Brown, under work, you hurt my brain.
