URL injections information
URL Injection attacks typically mean the server for which the IP address of theĀ attacker is bound is a compromised server. Please check the server behind the IP address above for suspicious files in /tmp, /var/tmp, /dev/shm, along with checking the process tree (ps -efl or ps -auwx). You may also want to check out http://www.chkrootkit.org/ and http://www.rootkit.nl/ as tools which should be usedĀ in addition to checking the directories and process tree. Please use “ls -lab” for checking directories as sometimes […]
Read More