Re: [PHPwestoz] are there any know php vulnerabilities around?

["firepages.com.au" <fire@firepages.com.au>]

You running phpBB ? if so patch it (or FUD yourself up ...
http://fud.prohost.org)

Its unlikely to be a vunerability in PHP itself , more likely a PHP or PERL
application (phpBB && Awstats both recently compromised to this extent)

Regards,
Simon.


----- Original Message -----
From: "Sol Hanna" <sol@autonomon.net>
To: <PHPwestoz@lists.linux.org.au>
Sent: Wednesday, February 16, 2005 5:11 PM
Subject: [PHPwestoz] are there any know php vulnerabilities around?


> Mondo bad news - my server just got cracked! >:o
>
> The crack involved index.php files in all directories under the web root
> being overwritten with an intelligent bit of cracker poetry thus:
>
> "Noturnos Crimez... OwnZ yOu, By Lord Cha0s.. * Mais um Dia se
> passa..tudo novo.. mais pq eu sempre me ferro? fiko triste.. e tudo por
> causa de uma minina que eu amo d+... nossa.. eu daria tudo pra tela
> comigo. nos meus braços abraçala , beijala.. pedir desculpas a ela..
> nossa.. eu seria o cara mais feliz se vesse ela a ultima vez.. soh
> queria dizer .. GISLAINE EU TI AMO! d+!!!!!"
>
> Just a text file.
>
> That seems to be the extent of the damage, though I'm still quite pissed
> off. Given that it has only affected index.php files in this way, it
> seems that a PHP vulnerability is to blame. Anyone know anything about
> this so I know how to take action to prevent it?????
>
> ta very much; sol :'(
>
> _______________________________________________
> PHPwestoz mailing list
> PHPwestoz@lists.linux.org.au
> http://lists.linux.org.au/listinfo/phpwestoz
>