17 Oct 2023, 7:22 p.m.
Some more info on the issue after running RKhunter:
[09:47:54] Warning: Network TCP port 47018 is being used by /tmp/.X291-unix/.rsync/c/blitz64. Possible rootkit: Possible Universal Rootkit (URK) component
You need to remove the rootkit. Someone has hacked into your system. This has nothing to do with Mailman3 as such.
If you do a ps axfu | grep blitz64
you should be able to find which uid is being used (first column of output). You'll then be able to find the bits of the rootkit by looking at that user's processes and open files, and delete them.
And then you can fix that user's permissions/password so it's less likely to be compromised again, or delete the user entirely if the user isn't being used for anything else.
-- Peter C
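
The steps in the reply above, as an added shell sketch that is not part of the original message: it works from a saved `ps axfu` snapshot (so the parser's own command line cannot match the search), finds the owning user, and reports the binary, working directory and open files of each of that user's live processes. It assumes Linux with `/proc`; the `svcuser` account and the PIDs in the sample are constructed.

```shell
#!/bin/sh
# Added triage sketch (Linux, /proc). Works on a saved `ps axfu` snapshot.

# owners_of NAME: users (column 1) owning a process whose line contains NAME.
owners_of() {
    awk -v name="$1" 'NR > 1 && index($0, name) { print $1 }' | sort -u
}

# pids_of_user USER: every PID (column 2) owned by USER in the snapshot.
pids_of_user() {
    awk -v u="$1" 'NR > 1 && $1 == u { print $2 }'
}

# report PID: binary, working directory and open files of a live process.
# An exe link ending in " (deleted)" means the file was unlinked after launch.
report() {
    [ -d "/proc/$1" ] || return 0
    printf 'pid %s exe=%s cwd=%s\n' "$1" \
        "$(readlink "/proc/$1/exe" 2>/dev/null)" \
        "$(readlink "/proc/$1/cwd" 2>/dev/null)"
    ls -l "/proc/$1/fd" 2>/dev/null || true
}

# triage SNAPSHOT NAME: walk from the flagged binary to its owner's processes.
triage() {
    for u in $(owners_of "$2" < "$1"); do
        echo "== user $u =="
        for p in $(pids_of_user "$u" < "$1"); do report "$p"; done
    done
}

# Constructed sample snapshot; svcuser and all PIDs are made up.
sample_ps() {
    cat <<'EOF'
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root           1  0.0  0.1 168000 11000 ?        Ss   Oct16   0:03 /sbin/init
root         812  0.0  0.1  15000  9000 ?        Ss   Oct16   0:00 /usr/sbin/sshd -D
svcuser     4121  0.0  0.0   2600   900 ?        S    09:01   0:00 /bin/sh
svcuser     4130 97.0  0.4  90000 32000 ?        Sl   09:01  41:10  \_ /tmp/.X291-unix/.rsync/c/blitz64
postfix     1550  0.0  0.1  40000  7000 ?        S    Oct16   0:00 pickup -l -t unix
EOF
}

# Live use, as root so other users' /proc entries are readable:
#   ps axfu > /root/ps.snapshot && triage /root/ps.snapshot blitz64
```

Keeping the snapshot and the report output before deleting anything preserves a record of what was running and which files it held open.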