Maker tech hub — AI · 3D print · Pi · ESP32 · plus the classic tech archive.

Free ESP32 kit · Books · Network Ninja · Archive

Classic tech archive. From the original averyjparker.com tech blog — historical context; pair with modern guides where noted. Full archive · Maker projects · Network Ninja

Classic tip · Linux

Linux php-exploit bot

Incidents.org writes to remind as that bot's aren't just for Windows. The recent PHP exploits have seen the use of the "kaiten" bot. After infection on the system it connects to an IRC server. It wou…

Written by

Avery J. Parker

IT veteran, maker educator, and author of Network Ninja, 3D Printing Mastery, and AI Workflow Mastery. Business IT: Diversified Tech Solutions.

Incidents.org writes to remind as that bot's aren't just for Windows. The recent PHP exploits have seen the use of the "kaiten" bot. After infection on the system it connects to an IRC server. It would primarily target linux systems. They do give a very good way to blunt most Linux bot-style malwares... Make /tmp it's own partition and mount it as non-executable. About 80% of bugs will try to copy themselves there first and if it can't run it's dead in the water. For those that don't want to repartition - a clever solution as well...
Don't forget to make /usr/tmp and /var/tmp symlinks. If you don't want to repartition: use a loopback file. Most Linux malware will compile itself on the target system. So removing development tools is always an option but a bit painful for many. And you may not be able to do without perl.