Search:
2021: notice malicious PHP files written in EVERY apache-writable directory in the filesystem. The malware is index.php files which do an include of a hidden .ico file e.g. .37eb5bf3.ico Decode the php with https://www.unphp.net/ 2021-02-28: Notice that these files all have different creation dates, from 2020-02 to 2021-02-13: the malware is able to set the dates Delete all the index.phps except for the five that are supposed to be on the system. Find them with * put a sample .ico file in ~/malware/sample-ico-malware find / -name index.php -print > /tmp/phps * delete all the hidden .ico find / -wholename /sys/kernel/slab -prune -o -regex ".*/\..*ico" -ls 2021-05-23: write ~daniel/scout/scout.pl to alarm on unregistered index.php files.
Summary:
This change is a minor edit.
To save this page you must answer this question:
What do you get when you remove the ARIS from Solaris?
Username: