On Mon, Jan 2, 2012 at 9:33 AM, RILINDO FOSTER <rili...@me.com> wrote: > The script in question is an exploit from a web board which is apparently > designed to pull outside traffic. If you had SELinux, it would put httpd in > its own context and by default, it will NOT allow connections from that > context to another. You have to enable it with:
The only time my server got hacked was because of phpBB. Using cross-site scripting, the hacker managed to put a pl file and when I ran it, it opened a console. Apparently you are running one of the web boards. Pls follow up any security advisories of that product and any addon/module closely. If you are really curious how yours got hack. You can setup similar system and put a bounty (maybe $1000) in one of the underground community for anyone to hack it and tell you how they do it. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
