[nycbug-talk] Searching for suspect PHP files...

Matt Juszczak matt at atopia.net
Mon Mar 9 00:54:26 EDT 2009

> Yes, /tmp is the favorite directory of all www script kiddies and other
> crackers.  Mounting it noexec can help a little bit, but I also disable
> world x rights for perl, ssh, nc, sh, c, as, etc., so they won't be able
> to open a remote reverse shell.  I really think that php websites
> nowadays are number one on the crackers' list.

Is there a document with a list of steps that could potentially help this? 
Also, is there a possible default mtree file I could use for 6.3-RELEASE 
since I didn't generate one in the beginning?  What's the best way to 
audit an *existing* server with PHP running on it, etc.  We've got some 
wordpress installs, etc. - unsure if any were vulnerable.


More information about the talk mailing list