Lately I’ve noticed that my server’s main index.php file is getting moved to index(x+1).php (e.g. index3.php), but the only thing I can link it to is Apache updates. Is there a way to disallow my index.php file from being touched (or any of the Apache htdocs root)? I’ve checked for security concerns, but nothing seems out of the ordinary. Comments? Suggestions?
Linux Server 188.8.131.52-0.1-default #1 SMP 2008-10-14 22:17:43 +0200 i686 athlon i386 GNU/Linux
openSUSE 10.3 (i586)
VERSION = 10.3
'rpm -qa |grep apache':
'ls -l /srv/www/htdocs/index.php':
-rw-r--r-- 1 wwwrun www 2134 2008-11-23 18:58 index.php
index.php isn’t installed by any of the base Apache packages. Apache doesn’t know anything about PHP, PHP is just another loadable module. The PHP package apache2-mod_php5 doesn’t install index.php So you have to look elsewhere other than Apache package updates for the culprit.
I haven’t installed any non-OpenSuSE packages ever, so either it’s a package’s script creating an index.php file (not necessarily provided directly as a file in the RPM) or my server is compromised. Any better details or ideas? Thanks for the reply.
No idea really. Do you have ftp upload to your server or something that might rename files? Do you have some kind of content management system? What is in the index*.php files? Same thing or some changes? What about the timestamp on the files? Any particular time it happens?
-----BEGIN PGP SIGNED MESSAGE-----
I’ve installed a SLES server before with the PHP modules and Apache and
never had a PHP script magically show up. If you installed any apps
(SUSE-shipped or otherwise) that are apps that run within Apache with
PHP then maybe those put it there. Otherwise your box is probably
> ken_yap;1900289 Wrote:
>> index.php isn’t installed by any of the base Apache packages. Apache
>> doesn’t know anything about PHP, PHP is just another loadable module.
>> The PHP package apache2-mod_php5 doesn’t install index.php So you have
>> to look elsewhere other than Apache package updates for the culprit.
> I haven’t installed any non-OpenSuSE packages ever, so either it’s a
> package’s script creating an index.php file (not necessarily provided
> directly as a file in the RPM) or my server is compromised. Any better
> details or ideas? Thanks for the reply.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----