[TriLUG] Possibly compromised Apache binary on my webserver
mpeters at plusthree.com
Fri Jun 12 09:20:57 EDT 2009
Mark Turner wrote:
> 1. Delete or rename your xmlrpc.php.
> 2. Clear your browser cache
> 3. See if Apache still sends xmlrpc.php to you. ("wget
> http://www.somesite.com/xmlrpc.php" should suffice)
Did you restart Apache in this testing? I'd suspect something caching the php
code before I'd suspect a compromised binary.
Plus Three, LP
More information about the TriLUG