Also check if /usr/local/solusvm/www/rofl.php exists and if yes, delete it. Somebody could have already used the exploit before you removed centralbackup.php
Mother FLOWER! What happens when your admin panel is locked to vpn/selected IP's? Will the user still be able to use those info? A lot of big provider might have been snapped if this is possible.It gives full root to the solus master.
You can then dump the database or do whatever you really want.
It doesn't matter. It drops the exploit on the node itself and the user can go to town. being in /www means that any user can view it.Mother FLOWER! What happens when your admin panel is locked to vpn/selected IP's? Will the user still be able to use those info? A lot of big provider might have been snapped if this is possible.
$ find /usr/local/solusvm -type f -printf
Sunday, June 16, 2013
12:47:18 PM GMT 0
Dear Tim Flavin (Hostigation),
PLEASE READ THIS INFORMATION CAREFULLY. THIS INFORMATION IS RELEVANT TO ALL VERSION OF SOLUSVM, INCLUDING BETA VERSIONS.
In the last few hours a security exploit has been found. This email is to inform you of a temporary fix to eliminate this exploit whilst the issue is patched and transferred to our file servers for release.
You will need root SSH access to your master server. You are then required to delete the following file: