D&C GLug - Home Page


Re: [LUG] PHP Worm traffic?

 

On 17/12/13 20:35, Martijn Grooten wrote:
> Speaking of PHP worms, here's someone having set up a honeypot to see
> what happened when attackers exploit old PHP vulnerabilities on a Linux
> server:
> 
> http://sempersecurus.blogspot.com/2013/12/a-forensic-overview-of-linux-perlbot.html
> 
> 
> Martijn.
> 


Thanks for that, it's a good read. The Volatility RAM dump utility he
uses is excellent, and I've used it quite extensively myself.

The guy on this list who got his server compromised the other day really
needs to read this article to get a big whack with the clue bat on why
just plugging a few obvious gaps after a full root compromise is a
catastrophically stupid thing to do. Even if the script kiddie was a
moron, the toolkits they have access to are very sophisticated and quite
capable of backdooring system files, creating hidden filesystem streams
to cache data, etc.

PHP is such a bug-ridden, crappy framework I try and keep it off all
systems where possible.

Regards

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq