Thanks! I spent most of my weekend getting it cleaned up, I found about
5 or so bad files in about a half dozen sites, all created by wwwrun and
only in directories that where set to 777 by the clients. Just for
everyone's sake I'm going to post them here.
These I found floating on their own
I'm running a SuSE 9.1 server with Apache 2.0.58 and as of last Thursday
I'm seeing a ton of files created in spots they should be. All created
by wwwrun (the webserver). I'm finding PHP scripts that are blatantly
commented with hacker code, _vti_ directories in sites and this server
doesn't
It was thus said that the Great Tom Ray [Lists] once stated:
I'm running a SuSE 9.1 server with Apache 2.0.58 and as of last Thursday
I'm seeing a ton of files created in spots they should be. All created
by wwwrun (the webserver). I'm finding PHP scripts that are blatantly
commented with
One time one of our servers running Fedora was exploited through a
security hole in the PHP Horde framework. Through the hole, they used
WGET to download a stand alone FTP server, which they then installed
and put on an IRC bot to start serving files. All this happened in our
/tmp directory,