[nycbug-talk] Searching for suspect PHP files...

Matt Juszczak matt at atopia.net
Thu Feb 26 18:27:48 EST 2009

Evening all,

In my latest chkrootkit reports (which I run nightly via periodic), I'm 
noticing lots and lots of "Suspect PHP Files" (via chkrootkit).  It seems, 
after checking the code, that its really just searching for PHP files in 
/tmp, and also searching for some other files throughout the system.

I guess the question I have is - what's the point of this check?


More information about the talk mailing list