
Re: Index.php Injected to Site by Cracker

__/ [ Baho Utot ] on Tuesday 03 October 2006 00:02 \__

> Roy Schestowitz wrote:
> 
> [putolin]
> 
>>>> A quick check reveals the following:
>>>> 
>>>> -rw-r--r--    1 schestow schestow      450 Jun  6  2005 index.htm
>>>> -rw-r--r--    1 nobody   nobody       1.5K Aug  5 20:58 index.php
>>>> -rw-r--r--    1 schestow schestow      32K Oct  1 20:13 resindex.htm
>>> 
>>> 
>>> Looks like apache put it there. See the nobody user.
>>> Open your httpd.conf and find out which user apache runs under.
>>> I think it will be nobody.
>> 
>> 
>> Can only root check this? I doubt I have access to this file. Is it a
>> per-user config file? If so, I am not sure what path it's under.
>> 
> 
> Yes, if the server is properly configured only root can get to it.
> 
> It should be in /etc/httpd/

Many thanks again. I am somewhat fearful that getting the host involved will
devour a lot of time and effort. Surely I could also look at the logs and
try to assess things in a post mortem fashion. If this ever recurs, I will
definitely take action, but truthfully I have not done anything yet.

You'd probably think I'm naive for taking that stance, which is fair enough.
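
The check suggested in the quoted reply, as an added example that is not part of the original thread: read the `User` directive from an Apache configuration file and list the files under a web directory that are owned by that account. The function names and the two command-line arguments are assumptions, and the configuration file must be readable by whoever runs the script.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and arguments are hypothetical.

# Print the account named by the last "User" directive in an Apache config file.
# Directive names are case-insensitive; lines starting with "#" are comments.
# "User #501" (numeric uid form) is returned as "501". A variable reference
# such as ${APACHE_RUN_USER} is printed as-is and is not resolved here.
apache_user() {
    # $1: path to the config file, e.g. httpd.conf under /etc/httpd/
    awk 'tolower($1) == "user" && NF >= 2 { u = $2 }
         END {
             gsub(/^"|"$/, "", u)   # drop surrounding quotes
             sub(/^#/, "", u)       # drop the "#" of the numeric uid form
             if (u != "") print u
         }' "$1"
}

# List regular files under a directory that are owned by the given account.
# find accepts either an account name or a numeric uid after -user.
files_owned_by() {
    # $1: directory to scan (the site's web directory), $2: account name or uid
    find "$1" -type f -user "$2" -print
}

# Combine both steps: files in the web directory written by the web server account.
audit_docroot() {
    conf=$1
    docroot=$2
    run_as=$(apache_user "$conf")
    if [ -z "$run_as" ]; then
        echo "no User directive found in $conf" >&2
        return 2
    fi
    files_owned_by "$docroot" "$run_as"
}

# Run as: sh audit.sh /path/to/httpd.conf /path/to/webroot
if [ "$#" -eq 2 ]; then
    audit_docroot "$1" "$2"
fi
```

Files listed here were created by the server process itself rather than uploaded under the site owner's account, which is the pattern the `nobody`-owned `index.php` in the listing shows.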
