On Fri, Sep 11, 2009 at 3:16 PM, Randal Rust <randalr...@gmail.com> wrote:
> On Fri, Sep 11, 2009 at 3:11 PM, Chris Snyder <chsny...@gmail.com> wrote:
>
>> They tar'd up the data from where? It might help you to know what
>> directory it was uploaded to.
>
> Yeah, they seem to be short on that detail, even though I posed the question.
>
>> But really, the problem could be anywhere in the system.
>
> I am fairly certain which domain it was. It's the one with an old
> version of CakePHP that we inherited.
>

Heh. You mean the version you can't upgrade because it would break everything?

Maybe it's time to see if you can put a Web Application Firewall in
front of the box or install mod_security or something along those
lines.

The answer to your original question (pinpointing the upload) is to
grep through the Apache logs for suspicious POSTs. Sounds like a lot
of fun if you don't have any idea when it happened.
_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

http://www.nyphp.org/show_participation.php
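
The log search suggested in the reply above, sketched as an added example that is not part of the original thread: it counts POST targets and flags script files that a client requests for the first time in the log right after one of its accepted POSTs. It assumes Apache's combined log format; the function names, the heuristic and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" format: host ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
SCRIPT_EXT = (".php", ".phtml")  # assumption: extensions the server executes

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = '''\
192.0.2.10 - - [10/Sep/2009:09:01:12 -0400] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Sep/2009:09:02:40 -0400] "POST /contact.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Sep/2009:09:02:41 -0400] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Sep/2009:23:14:03 -0400] "POST /app/files/add HTTP/1.1" 302 0 "-" "libwww-perl/5.8"
198.51.100.7 - - [10/Sep/2009:23:14:09 -0400] "GET /app/webroot/files/upload_1.php HTTP/1.1" 200 64 "-" "libwww-perl/5.8"
203.0.113.5 - - [11/Sep/2009:08:00:00 -0400] "POST /login.php HTTP/1.1" 401 210 "-" "Mozilla/5.0"
'''

def parse(text):
    """Yield one dict per parseable line, with the query string dropped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["path"] = entry["path"].split("?", 1)[0]
            yield entry

def post_targets(text):
    """Count POSTs per path; rarely hit targets are worth a closer look."""
    return Counter(e["path"] for e in parse(text) if e["method"] == "POST")

def suspicious_posts(text):
    """Flag scripts first requested by a client after its accepted POST."""
    seen, posted, hits = set(), {}, []
    for e in parse(text):
        host, path = e["host"], e["path"]
        if e["method"] == "POST":
            if e["status"][0] in "23":          # accepted or redirected
                posted[host] = (e["time"], path)
        elif (path.endswith(SCRIPT_EXT) and path not in seen
              and host in posted and e["status"] == "200"):
            when, target = posted[host]
            hits.append((host, when, target, path))
        seen.add(path)
    return hits

if __name__ == "__main__":
    print(post_targets(SAMPLE_LOG).most_common())
    print(suspicious_posts(SAMPLE_LOG))
```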
