Closed spacecabbie closed 1 year ago
Hi @spacecabbie It's easier to list the directories that can change (in 1.11.x):
There is no simple way to scan a database for foreign entries/injections.
If you fear injections through the recent RCE issue, remember that under recent Ubuntu systems, PHP going through Apache (libapache2-mod-php) cannot execute scripts. It would have to upload a PHP script and execute it. If so, you will first find traces of accesses to additional_webservices.php in your Apache access_logs.
Then you can probably use the "find" command to find files no older than a certain number of days (-cdate is an option to find files with a specific creation date) (unless these were deleted afterwards by another command). This should give you a first idea of whether scripts were uploaded, by which IP (if you track that) and then enable you to find more actions of that IP address in the logs.
Ok thanks, Regarding files that can change thanks for that list I will tightener folder rights. This list will help.
They got in via a other site hosted on the same file system this has been cleaned i feared the DB might be affected as well. What you said here puts my mind at ease.
I still fear my DB is still corrupt/inconsistent but this is more a ongoing issue, this is a good as time as any to try and tackle them couple of questions if i may:
Please feel free to close the ticket after your reply.
SELECT * FROM c_item_property WHERE c_id NOT IN (SELECT id FROM course)
.
Greetings, couple of quick questions:
what directory's if any are static and should not change (to do a reference scan on with original install files) Is there a way to scan and check the DB on foreign entry's/injections ?