On Fri, 15 Mar 2013 11:53:12 +0000, agraham wrote: > On 03/15/2013 11:16 AM, Georgios Petasis wrote: > > I suspect that it is a joomla 1.5.26 exploit. I have found two php files > > in the tmp folder of one web site, > > and POSTs to them in the apache access log file. > > (I know this is an old version of joomla, and I have made the mistake to > > make the folders tmp, cache & log writtable by the apache in selinux...) > > > > Thus, I have shutdown the web server, and monitor the server for a few > > days, to see if these firewall complains persist. > > > > The only way to be sure the machine is clean is to re-install Fedora > (and re-format) from scratch and Certainly not "the only way", but it might be more easy than failing to detect how the system has been modified. Simply running "rpm -Va" is insufficient. Running an intrusion detector such as AIDE would have been necessary to cover many more (if not all) installed files. > probably and older version like F17 as > F18 is very new. That won't change a thing when installing an out-of-date Joomla that is not included within the Fedora package collection. -- Fedora release 19 (Schrödinger's Cat) - Linux 3.9.0-0.rc2.git0.2.fc19.x86_64 loadavg: 0.52 0.23 0.12 -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
