Search:
2021: notice malicious PHP files written in EVERY apache-writable directory in the filesystem. The malware is index.php files which do an include of a hidden .ico file e.g. .37eb5bf3.ico Decode the php with https://www.unphp.net/ 2021-02-28 * Notice that these files all have different creation dates, from 2020-02 to 2021-02-13 - either the malware is able to set the dates, or they've been accumulating over time. * delete all the index.phps except for the ones in /etc/drupal. find them with * put a sample .ico file in ~/malware/sample-ico-malware find / -name index.php -print > /tmp/phps * delete all the hidden .ico find / -wholename /sys/kernel/slab -prune -o -regex ".*/\..*ico" -ls
Summary:
This change is a minor edit.
To save this page you must answer this question:
What do you get when you remove the ARIS from Solaris?
Username: