View Single Post
  #7  
Old 7th December 2010, 12:56
isn isn is offline
Member
 
Join Date: Oct 2009
Posts: 56
Thanks: 6
Thanked 2 Times in 2 Posts
Default

Via httpd abuse, probably a sql inject a folder /tmp/.nt was installed on the server. There was a zip file and several others owned by apache. That is how processes were started on the server.

I've added mod_security and mod_evasive, hardened php and am hoping the Joomla upgrade proceeds.

The problem is solved. I'm looking for more agile intrusion detection to prevent this from happening again.
__________________
isn aka SEP from ITRC forums
Reply With Quote