[BlueOnyx:05933] Re: hacker scripts
Steve Howes
steve-lists at geekinter.net
Mon Nov 29 12:27:09 -05 2010
On 29 Nov 2010, at 17:23, Gerald Waugh wrote:
> On Mon, 2010-11-29 at 17:17 +0000, Steve Howes wrote:
>> On 29 Nov 2010, at 17:08, Gerald Waugh wrote:
>>> How can I stop these people from downloading and running their scripts
>>> in /tmp using httpd
>>
>> You need to find out how they did it. You're either hosting someone naughty, or someone who has an insecure script. Who owns the files?
>>
> apache.apache
>
> The server has a site with Drupal and some other blog stuff
Please reply to the list, not me.
Could look in .bash_history for each user to see if anyone has abused their SSH access / guessed root pass.
Failing that, you need to find an insecure script on one of those sites. Which wont be easy.
S
More information about the Blueonyx
mailing list