mark edwards
Member
hello -
this morning i was alerted to a couple of rogue php scripts that mysteriously showed up in two places.
has anybody else seen a script called "n1.php" show up somewhere?
also, is there any source where i can "post" the script for further examination? i will see if ClamAV has something like that, but maybe i should post in other places as well.
i am tempted to create a temporary vps and try running the script & see what it does. i am too lazy to dissect the code.
EDIT:
i looked in all my logs for any reference to "n1.php" and blocked all those IP addresses. also removed n1.php of course.
this morning i was alerted to a couple of rogue php scripts that mysteriously showed up in two places.
has anybody else seen a script called "n1.php" show up somewhere?
also, is there any source where i can "post" the script for further examination? i will see if ClamAV has something like that, but maybe i should post in other places as well.
i am tempted to create a temporary vps and try running the script & see what it does. i am too lazy to dissect the code.
EDIT:
i looked in all my logs for any reference to "n1.php" and blocked all those IP addresses. also removed n1.php of course.
