Has anyone heard of this one? What they do is to copy: index.php .cfm .htm .html .asp default.php .cfm .htm .html .asp to the root folder of every web site. I can't find much on it on the web. I thought I had figured it to be an old Serv-U FTP server hack, so I upgraded about 3 weeks ago, but today upon reboot it happened again. Is this something that ProcessGuard could find running? Thanks, John Cesta
Hi John, Not unless it requires a .exe to do it. ProcessGuard protects running processes from change, injection and closure and alerts on .exe's starting or when they are changed. It sounds like what you describe is a scripting exploit? Pilli
Were you able to find the hole and get the server back up and running clean? It seems we may have been hit with a similar hack; we're trying to figure out where and what is creating the files. Thanks