Creating symbolic links from a compromised account is a typical tactic that hackers use to gain access to files not owned by the account that they have hacked. To help prevent this you can apply a patch that was developed by Steven Ciaburri over at Rack911.com.
To install the patch run the following commands from ssh.
wget http://layer1.rack911.com/before_apache_make -O /scripts/before_apache_make
chmod 700 /scripts/before_apache_make
Then recompile apache using easyapache
You can also check a server for symbolic links that have already been created by running
find /home*/*/public_html -type l
If you want to remove the patch just do the following
rm -f /scripts/before_apache_make
#Rebuild apache after.
Ideal place for discussions related to Linux/Windows server security, Apache, MySQL, MS SQL and PHP, including tutorials and questions.
2 posts • Page 1 of 1
Thanks for the usefull post .. we have tried it and working fine ..
Who is online
Users browsing this forum: No registered users and 1 guest