On Thu, Dec 15, 2011 at 1:48 PM, anax <anax@xxxxxxxx> wrote:
> Hi Rudi
> we once had a similar problem on a Web:
>
> This Web had this in particular that its home-page needed to be deleted
> daily and of course reinstalled immediately.
> Then, in a new version of the Web it did not need this delete/reinstall
> cycle any more, so the webadmin just removed the link to the delete
> script. He did not remove the delete-script itself from the Web.
> The effect was, that the home-page was still deleted at random times.
>
> What we then found out: We used an internal Search-Engine which crawled
> this web. And this Search-Engine had not forgotten the link to the
> delete-script, but invoked it at random times, whenever it crawled the
> particular Web.
>
> Your case: could it be something similar?
>
> suomi
>
Thanx for the advice. We found a script which seems to have been
modified somehow, probably hacker or a rootkit - don't yet know, but
we're looking to see if we can trace it down.
I don't want to reveal the code here due to it's uniqueness and I
don't want to attrack further attension to the sites by the
attack(er).
--
Kind Regards
Rudi Ahlers
SoftDux
Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
