7th December 2010, 12:56
isn

Via httpd abuse, probably an SQL injection, a folder /tmp/.nt was installed on the server. There was a zip file and several others owned by apache. That is how processes were started on the server.

I've added mod_security and mod_evasive, hardened PHP, and am hoping the Joomla upgrade proceeds.

The problem is solved. I'm looking for more agile intrusion detection to prevent this from happening again.
isn aka SEP from ITRC forums
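
The pattern described in the post above (a hidden directory under /tmp holding an archive and other files owned by the web server account) can be checked for on a schedule. The following is an added example, not part of the original post; the function name, the report format and the use of `find` with `-mindepth`/`-maxdepth` (GNU or BSD find) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): report hidden directories in a
# temp directory that are owned by the web server account, plus any archives
# or owner-executable files inside them.
# Assumptions: GNU or BSD find; file names contain no newlines.

# scan_tmp_for_web_drops DIR USER
#   DIR   directory to inspect, e.g. /tmp
#   USER  account name or numeric uid the web server runs as, e.g. apache
# Prints one finding per line as "<KIND> <path>", where KIND is
# HIDDEN_DIR, ARCHIVE or EXEC_FILE. Prints nothing when DIR is clean.
scan_tmp_for_web_drops() {
    dir=$1
    user=$2

    # Hidden directories directly under DIR that belong to the web user.
    # System sockets such as /tmp/.X11-unix are root-owned and are skipped
    # by the -user filter.
    find "$dir" -mindepth 1 -maxdepth 1 -type d -name '.*' -user "$user" \
        2>/dev/null |
    while IFS= read -r hidden; do
        printf 'HIDDEN_DIR %s\n' "$hidden"

        # Archives dropped inside the hidden directory.
        find "$hidden" -type f -user "$user" \
            \( -name '*.zip' -o -name '*.tar' -o -name '*.tgz' \
               -o -name '*.gz' \) 2>/dev/null | sed 's/^/ARCHIVE /'

        # Files the owner can execute (octal 100 = u+x).
        find "$hidden" -type f -user "$user" -perm -100 2>/dev/null |
            sed 's/^/EXEC_FILE /'
    done
}

# Stand-alone use: sh scan.sh /tmp apache
if [ "$#" -ge 2 ]; then
    scan_tmp_for_web_drops "$1" "$2"
fi
```

Run from cron against /tmp, /var/tmp and /dev/shm and mail any non-empty output; mounting those paths `noexec` stops files dropped there from being executed directly.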