Re(1): Mystery infestation strikes Linux/Apache Web sites
Posted by: Anonymous
on January 25, 2008 03:15 PM
My point is that the security note over at cpanel says that the file names that it creates are random 5 char names and then .js. Always exactly 5 chars. The regex posted will match any .js file with AT LEAST 5 chars. It will match abcde.js and it will also match abcdefghigklmnop.js. The article says that if you get any output with the posted regex then you are most likely infected. That's not true. In order to fix the regex, you would put a slash character at the beginning of the regex to match a directory , then have the [a-zA-Z]...