Has my fedora 18 installation been hacked?

agraham agraham at g-b.net
Fri Mar 15 11:53:12 UTC 2013

On 03/15/2013 11:16 AM, Georgios Petasis wrote:
> I suspect that it is a joomla 1.5.26 exploit. I have found two php files
> in the tmp folder of one web site,
> and POSTs to them in the apache access log file.
> (I know this is an old version of joomla, and I have made the mistake to
> make the folders tmp, cache & log writtable by the apache in selinux...)
> Thus, I have shutdown the web server, and monitor the server for a few
> days, to see if these firewall complains persist.

The only way to be sure the machine is clean is to re-install Fedora 
(and re-format) from scratch and probably and older version like F17 as 
F18 is very new.

This will also reassure your ISP that the issue is being addressed.

More information about the users mailing list