{"product":{"product_id":"1598220616","title":"The Rootkit Arsenal: Escape and Evasion: Escape and Evasion in the Dark Corners of the System","price":"6.6","image_url":"https://m.media-amazon.com/images/I/41ewon4IwOL._SL500_.jpg","url":"https://www.amazon.com/dp/1598220616"},"comments":[{"body":"You should just order this book imho.  \r\nhttp://www.amazon.com/Rootkit-Arsenal-Escape-Evasion-Corners/dp/1598220616/ref=sr_1_2?ie=UTF8\u0026amp;qid=1303542136\u0026amp;sr=8-2\r\n\r\nIts more recent, covers more techniques and is extremely in depth and it has all the sourcecode in the back of the book.  ","subreddit_name":"netsec","author":"jspeights"},{"body":"Well after the resurgence and killing off that new user that had been created, I realized some folders on the server had been chmod to 777 recently, so I set those down to 755 and also changed some that were 775 to 755, though being careful to check the apps were still cool. It's been about 8 hours and I haven't seen anything since, though I'm going to be doing some forensic analysis on the server [glad I bought this book a while back](http://www.amazon.com/Rootkit-Arsenal-Escape-Evasion-Corners/dp/1598220616) I'm going to respond a little more below. (Oh and sorry forgot the password to the sockpuppet account I made earlier)","subreddit_name":"netsec","author":"whiteh7t2"}]}