Creating symbolic links from a compromised account is a typical tactic that hackers use to gain access to files not owned by the account that they have hacked. To help prevent this you can apply a patch that was developed by Steven Ciaburri over at Rack911.com

To install the patch run the following commands from ssh.

wget http://layer1.rack911.com/before_apache_make -O /scripts/before_apache_make
chmod 700 /scripts/before_apache_make

Then recompile apache using easyapache

/scripts/easyapache

You can also check a server for symbolic links that have already been created by running

find /home*/*/public_html -type l

If you want to remove the patch just do the following

rm -f /scripts/before_apache_make
#Rebuild apache after.
/scripts/easyapache

If you need additional help please check out rack911.com


Leave a Reply

Your email address will not be published. Required fields are marked *

To submit solve the problem below *