[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Postfix Problems



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CodeHeads wrote:
> On Tue, 16 May 2006 15:03:49 -0400 CodeHeads <kingcobra code-heads com> wrote:
<snip lots of perl cruft>

What I cannot understand is how someone can upload to the tmp dir.  I
guess I
am still learning.  Can someone shed some light on this?

it is not an uncommon method to use a box as a drone - find a
vulnerability that you can exploit, dump an executable file in /tmp, run
it as the apache user.

what version of FC is this on?

Are you running some kind of PHP web application?

Are you running with SElinux in enforcing mode?
(based on the general impression I get that apache appears to be running
files from /tmp, I would guess not)

it looks like you have been compromised. Possibly by a PHP exploit (I
hear there have been quite a few of these over the last year or so)

There are others here on the list who may have more experience with this
than I, but if you *have* been compromised, the only safe course of
action is to reinstall the affected system from known good media.

You can no longer trust any of the applications on the affected box.

Regards

Stuart
- --
Stuart Sears RHCA RHCX
To err is human, to forgive is Not Company Policy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFEajVSamPtx1brPQ4RAiV7AJ9r3LifTQK3D/zaA/DQpiCp2go7zACfavQe
pphHQsdVX+y28nm53HVO9zk=
=W1kl
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]