Has my fedora 18 installation been hacked?
Michael Schwendt
mschwendt at gmail.com
Fri Mar 15 12:18:43 UTC 2013
On Fri, 15 Mar 2013 11:53:12 +0000, agraham wrote:
> On 03/15/2013 11:16 AM, Georgios Petasis wrote:
> > I suspect that it is a joomla 1.5.26 exploit. I have found two php files
> > in the tmp folder of one web site,
> > and POSTs to them in the apache access log file.
> > (I know this is an old version of joomla, and I have made the mistake to
> > make the folders tmp, cache & log writtable by the apache in selinux...)
> >
> > Thus, I have shutdown the web server, and monitor the server for a few
> > days, to see if these firewall complains persist.
> >
>
> The only way to be sure the machine is clean is to re-install Fedora
> (and re-format) from scratch and
Certainly not "the only way", but it might be more easy than failing to
detect how the system has been modified. Simply running "rpm -Va" is
insufficient. Running an intrusion detector such as AIDE would have
been necessary to cover many more (if not all) installed files.
> probably and older version like F17 as
> F18 is very new.
That won't change a thing when installing an out-of-date Joomla that
is not included within the Fedora package collection.
--
Fedora release 19 (Schrödinger's Cat) - Linux 3.9.0-0.rc2.git0.2.fc19.x86_64
loadavg: 0.52 0.23 0.12
More information about the users
mailing list