Michael Mansour wrote:
Hi Marc,
On Tue, 2006-01-24 at 08:42 +1000, Michael Mansour wrote:
No I'm not sure. Reading through the link above, it does seem that you've hit
the nail on the head with this one. I have two other FC1 machines and they
weren't affected by Slapper (even when the 3rd one was). The FC1 machine that
was, had the xmlrpc.php file which I've now removed.
Hi Michael,
Do you know what installed the xmlrpc.php file? Was it something that
came with FC1, or was it something you installed yourself?
I'm just trying to make sure Fedora Legacy has everything covered.
It came from Drupal.
Michael.
That sounds like the xmlrpc exploit for the pear library. I got hit by
that a few months ago. I was running b2evolution, but drupal was
affected as well. My host was a FC4 box with all updates in place
(w/mod_security and selinux enabled). I had to rebuild because I wasn't
sure the box was comprimised, but it was vulnerable (the exploit worked)
and it was under attack.
Jason
--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list