[nycbug-talk] Searching for suspect PHP files...
matt at atopia.net
Thu Feb 26 18:27:48 EST 2009
In my latest chkrootkit reports (which I run nightly via periodic), I'm
noticing lots and lots of "Suspect PHP Files" (via chkrootkit). It seems,
after checking the code, that its really just searching for PHP files in
/tmp, and also searching for some other files throughout the system.
I guess the question I have is - what's the point of this check?
More information about the talk