Re: Spamming other servers virus via apache, how did it get in, and how to get it out
just because there is no changed files between your backup and current website, doesn't necessarily mean the problem absolutely is outside of /var/www, but it probably is. I would think XSS and CSRF would show up in the apache logs, but those could be possible problems especially if you wrote the site yourself (it can be easy for 1 person to miss some mistakes), and they would not need to alter any file on the website. If it is outside /var/www, then its possible someone got in from an other open service, maybe ssh server is running, maybe someone had physical access to the machine, etc. Without more information is hard to tell. I tend to believe the problem probably lies in /var/www or in apache itself, though, because the problem is leaving entries in the apache.log file.
python -c 'print hex(3 << ((1024/4)-2))[:-1]'
python -c 'print hex((1 << (1024/4))-1)[:-1]'
Bookmarks