Thanks! I spent most of my weekend getting it cleaned up. I found about
5 or so bad files in about a half dozen sites, all created by wwwrun and
only in directories that were set to 777 by the clients. Just for
everyone's sake I'm going to post them here.
These I found floating on their own
One time one of our servers running Fedora was exploited through a
security hole in the PHP Horde framework. Through the hole, they used
WGET to download a standalone FTP server, which they then installed
and put on an IRC bot to start serving files. All this happened in our
/tmp directory,
It was thus said that the Great Tom Ray [Lists] once stated:
> I'm running a SuSE 9.1 server with Apache 2.0.58 and as of last Thursday
> I'm seeing a ton of files created in spots they should be. All created
> by wwwrun (the webserver). I'm finding PHP scripts that are blatantly
> commented wit
I'm running a SuSE 9.1 server with Apache 2.0.58 and as of last Thursday
I'm seeing a ton of files created in spots they should be. All created
by wwwrun (the webserver). I'm finding PHP scripts that are blatantly
commented with hacker code, _vti_ directories in sites and this server
doesn't ha