slapper worm
Jason Edgecombe
jedgecombe at carolina.rr.com
Tue Jan 24 13:50:30 UTC 2006
Michael Mansour wrote:
>Hi Marc,
>
>
>
>>On Tue, 2006-01-24 at 08:42 +1000, Michael Mansour wrote:
>>
>>
>>>No I'm not sure. Reading through the link above, it does seem that you've hit
>>>the nail on the head with this one. I have two other FC1 machines and they
>>>weren't affected by Slapper (even when the 3rd one was). The FC1 machine that
>>>was, had the xmlrpc.php file which I've now removed.
>>>
>>>
>>Hi Michael,
>>
>>Do you know what installed the xmlrpc.php file? Was it something that
>>came with FC1, or was it something you installed yourself?
>>
>>I'm just trying to make sure Fedora Legacy has everything covered.
>>
>>
>
>It came from Drupal.
>
>Michael.
>
>
That sounds like the xmlrpc exploit for the pear library. I got hit by
that a few months ago. I was running b2evolution, but drupal was
affected as well. My host was a FC4 box with all updates in place
(w/mod_security and selinux enabled). I had to rebuild because I wasn't
sure the box was comprimised, but it was vulnerable (the exploit worked)
and it was under attack.
Jason
More information about the fedora-legacy-list
mailing list