On Mon, Jan 8, 2018 at 4:41 PM, Lew Wolfgang <wolfgang@sweet-haven.com> wrote:
On 01/08/2018 01:06 PM, Greg Freemyer wrote:
That seems like what is happening. I set up WordPress as a test a couple years ago.
There are php files in there with datestamps of Dec 28, 2017 or newer. I haven't looked at that stuff since 2016 it seems.
The WP stuff is not in use, so I think I can just wipe it out.
Done. Let's see what happens now.
Hi Greg,
Of course you realize that you can never trust that system again until it's rebuilt from scratch? I'd be tempted to run one of the rootkit detection programs too. Maybe rkhunter? Also, have you scanned for unusual open ports?
Regards, Lew
Agreed on needing to do a rebuild from scratch. Until an hour ago, I thought a bad guy just figured out how to use it as a relay. Now I know about the php files, it changes things. A lot. The good news is this is a fully isolated PC and I treat it as unsecure anyway. No confidential data kept on it unless it is encrypted, etc.
Greg