Alan Hicks wrote:
> In article <ec4082b3.0309012255.24f2e7c8@posting.google.com >, Aleksandr wrote:
>> 1. Both boxes show the exact same file sizes on affected files. The
>> files are always the same ones being affected. Could be indicative of
>> a standard root kit, but again, why would a root kit replace gd
>> executables?
>
> Again, verify that these files are identical with md5sum.

i cannot imagine anything but a cracker if the files are indeed
identical. perhaps someone is just messing up your boxen to watch you
squirm..

>> Something that just occurred to me is that I believe the file system
>> corruption occurred on each box right after I scp'ed a file from a
>> different system to that box.
>
> That doesn't make a whole lot of sense though. scp is just a simple
> copy program tunneled through ssh. Why would that touch the majority of
> your files in /bin? Unless possibly you scp'ed these files from the
> same machine, and that machine has something very wrong with it.

or scp (or ssh?) is compromised?

i don't really know, though. never had to deal with such issues.

--
Joost Kremers
since when is vi an editor? a discussion on vi belongs in
comp.tools.unusable or something...