[BlueOnyx:05939] Re: hacker scripts
Jeffrey Pellin
jeffrey at px2co.net
Mon Nov 29 13:17:19 -05 2010
We have had this kind of problem - so you have my sympathy.

You could try making sure that register globals is off.

Also don't delete the files from temp - chmod them to 000 prevents them
being re-uploaded.

At our worst I went through our boxes using an ftp program to identify new
files to find the uploaded gateways that these guys use - not easy with a
cms with 150 customers on it.

Regards
Jeffrey

On Mon, 29 Nov 2010 11:08:22 -0600, Gerald Waugh
<gwaugh at frontstreetnetworks.com> wrote:
> Have a server been exploited several times
> they come in through httpd
> install scripts in /tmp
>
> this one was dc.txt
>
> # Priv8 ** Priv8 ** Priv8
> # IRAN HACKERS SABOTAGE Connect Back Shell
> # code by:LorD
> # We Are :LorD-C0d3r-NT-\x90
> # Email:LorD at ihsteam.com
>
> we also had .sep and send
> send sends sms email, by the thousands @tmomail.net
>
> How can I stop these people from downloading and running their scripts
> in /tmp using httpd
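
The checks suggested in the reply above (confirm register_globals is off, find newly uploaded files, chmod dropped files to 000 instead of deleting them) can be scripted rather than done by hand over FTP. The following is an added example, not part of the original thread; the function names, the extension list, the 7-day window and the WEBROOT/WEBUSER placeholders are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Extensions and the day window are assumptions.

# Files under $1 modified in the last $2 days with script-like extensions
# (the thread's dropped file was dc.txt, so .txt is included).
recent_scripts() {
    find "$1" -xdev -type f -mtime "-$2" \
        \( -name '*.php' -o -name '*.pl' -o -name '*.cgi' -o -name '*.txt' \) \
        -print 2>/dev/null | sort
}

# Regular files under $1 owned by user $2 (name or numeric uid), e.g. the
# account httpd runs as.
files_owned_by() {
    find "$1" -xdev -type f -user "$2" -print 2>/dev/null | sort
}

# chmod 000 each file in place instead of deleting it, as the reply advises.
lock_down() {
    for f in "$@"; do
        if [ -f "$f" ]; then chmod 000 "$f"; fi
    done
}

# Exit 0 if php.ini file $1 has register_globals enabled.
register_globals_on() {
    grep -Eiq '^[[:space:]]*register_globals[[:space:]]*=[[:space:]]*(on|1)[[:space:]]*(;.*)?$' "$1"
}

# Usage (paths and user are placeholders):
#   sh scan.sh --scan WEBROOT /tmp WEBUSER /etc/php.ini
if [ "${1:-}" = "--scan" ]; then
    echo "== recently changed scripts under $2"; recent_scripts "$2" 7
    echo "== files in $3 owned by $4";           files_owned_by "$3" "$4"
    if register_globals_on "$5"; then echo "== register_globals is ON in $5"; fi
fi
```

Review the listed files before passing any of them to `lock_down`; the scan itself changes nothing.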