Fscking Spammers

I had an early wake up call this morning and got to clean up the aftermath of a spammer who exploited an unpatched XMLRPC vulnerability to crack my server and send out some PayPal phishing spam. I’m pretty ticked about that, but that’s water under the bridge. I’ve patched the vulnerability in question, and thanks to running decent software, cleaned out the files they snuck on. In total it was 4 files and one directory.

Then I installed mod_security, and cranked up the SELinux rules to hopefully make it a little more difficult to exploit holes that I haven’t patched yet.