Just a heads up .. seeking feedback from others
As far as I am aware BOA does not do any auto-updates of important packages .. Yet, two different BOA based hosting servers seemed to suffer updates to the csf/lfd toolkits at around the same date (the 8th and 9th of February) ...
These two hosts are based on two different service providers and thus different networks and had absolutely no relationship with each other .. not even via the odd script ..
I have been dig around the system, and see nothing else that was updated besides those two .. and the nature of the changes are definitely suspicious, and unless I can trace the changes to a valid auto-update, then I will have no choice but to quarantine the hosts and declare them exploited ..
So, please, share your experience here if you have encountered something similar .. thanks in advance ..
Comments
Check this
Check this thread
http://groups.drupal.org/node/177634
It sounds like it is just CSF/LFD auto updating and then telling you the files have been changed.
And it seems Configserver issued an update on february 8, 2013
http://blog.configserver.com/
I can confirm two of our
I can confirm two of our servers auto updated CSF around the same time if that helps.
The feedback is most re-assuringly .. Thanks
This is most re-assuring ..
Thanks for taking the time to provide feedback, snlnz and hafnius.
Please follow-up here:
Please follow-up here: http://drupal.org/node/1913394