[nycbug-talk] Searching for suspect PHP files...
matt at atopia.net
Mon Mar 9 00:54:26 EDT 2009
> Yes, /tmp is the favorite directory of all www script kiddies and other
> crackers. Mounting it noexec can help a little bit, but I also disable
> world x rights for perl, ssh, nc, sh, c, as, etc., so they won't be able
> to open a remote reverse shell. I really think that php websites
> nowadays are number one on the crackers' list.
Is there a document with a list of steps that could potentially help this?
Also, is there a possible default mtree file I could use for 6.3-RELEASE
since I didn't generate one in the beginning? What's the best way to
audit an *existing* server with PHP running on it, etc.? We've got some
WordPress installs, etc. - unsure if any were vulnerable.
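
The two hardening steps named in the quoted reply (a noexec /tmp, and no world-execute bit on interpreters and network tools) can be checked on an existing host. The script below is an added example, not part of the original message; the function names, the tool list (reading "c" as `cc`) and the sample mount output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two hardening steps named in the quoted reply.
# Function names and sample data are constructed for illustration.

# Tools from the quoted list; "c" is assumed to mean the cc compiler driver.
TOOLS="perl ssh nc sh cc as"

# tmp_is_noexec MOUNT_OUTPUT
# Succeeds only if /tmp is its own mount and that mount carries noexec.
# Accepts FreeBSD ("dev on /tmp (ufs, local, noexec)") and
# Linux ("tmpfs on /tmp type tmpfs (rw,noexec)") layouts.
tmp_is_noexec() {
    printf '%s\n' "$1" | awk '
        $2 == "on" && $3 == "/tmp" && /[(, ]noexec[,)]/ { ok = 1 }
        END { if (ok) exit 0; exit 1 }'
}

# world_exec_tools DIR...
# Prints each listed tool that "other" may still execute.
world_exec_tools() {
    for dir in "$@"; do
        for t in $TOOLS; do
            f="$dir/$t"
            [ -f "$f" ] || continue
            # -H: judge a symlink's target; -perm -0001: world-execute bit set
            if [ -n "$(find -H "$f" -perm -0001 2>/dev/null)" ]; then
                printf '%s\n' "$f"
            fi
        done
    done
    return 0
}

# Constructed sample of FreeBSD `mount` output (not from a real host).
SAMPLE_MOUNT='/dev/ad0s1a on / (ufs, local)
/dev/ad0s1e on /tmp (ufs, local, noexec, nosuid, soft-updates)
/dev/ad0s1f on /usr (ufs, local, soft-updates)'

if tmp_is_noexec "$SAMPLE_MOUNT"; then
    echo "/tmp: noexec set"
else
    echo "/tmp: NOT noexec (or not a separate mount)"
fi
# On a live host, pass "$(mount)" instead of the sample.
world_exec_tools /bin /usr/bin /usr/local/bin
```

A host where /tmp is only a directory on the root filesystem is reported as not noexec, since there is no separate mount to carry the option.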