> Since they were kind enough to timestamp the download, you can
> correlate this with the access log and see the exact exploit used.
Files didn't exist... I look for them first. It appears that they were
downloaded and removed. Either way, it's been identified and temporarily
resolved.
-
On 2011-10-28 21:46, Gary Smith wrote:
I was tasked on tracking down the cause of a perl process that is hanging on a
client server. The server is opensuse, pretty much out of the box, patched
pretty current. Anyway, below is the first log entry where it looks like
someone attempted to run a
