Re: slapper worm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Michael Mansour wrote:

Hi Marc,

On Tue, 2006-01-24 at 08:42 +1000, Michael Mansour wrote:
No I'm not sure. Reading through the link above, it does seem that you've hit
the nail on the head with this one. I have two other FC1 machines and they
weren't affected by Slapper (even when the 3rd one was). The FC1 machine that
was, had the xmlrpc.php file which I've now removed.
Hi Michael,

Do you know what installed the xmlrpc.php file? Was it something that
came with FC1, or was it something you installed yourself?

I'm just trying to make sure Fedora Legacy has everything covered.

It came from Drupal.

Michael.
That sounds like the xmlrpc exploit for the pear library. I got hit by that a few months ago. I was running b2evolution, but drupal was affected as well. My host was a FC4 box with all updates in place (w/mod_security and selinux enabled). I had to rebuild because I wasn't sure the box was comprimised, but it was vulnerable (the exploit worked) and it was under attack.

Jason

--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list

[Index of Archives]     [Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Yosemite Questions]

  Powered by Linux