
Re: [PHPwestoz] are there any know php vulnerabilities around?



firepages.com.au wrote:

You running phpBB? If so, patch it (or FUD yourself up ...
http://fud.prohost.org)

It's unlikely to be a vulnerability in PHP itself, more likely a PHP or Perl
application (phpBB && AWStats both recently compromised to this extent)

Regards,
Simon.


----- Original Message -----
From: "Sol Hanna" <sol@autonomon.net>
To: <PHPwestoz@lists.linux.org.au>
Sent: Wednesday, February 16, 2005 5:11 PM
Subject: [PHPwestoz] are there any know php vulnerabilities around?




Mondo bad news - my server just got cracked! >:o

The crack involved index.php files in all directories under the web root
being overwritten with an intelligent bit of cracker poetry thus:

"Noturnos Crimez... OwnZ yOu, By Lord Cha0s.. * Mais um Dia se
passa..tudo novo.. mais pq eu sempre me ferro? fiko triste.. e tudo por
causa de uma minina que eu amo d+... nossa.. eu daria tudo pra tela
comigo. nos meus braços abraçala , beijala.. pedir desculpas a ela..
nossa.. eu seria o cara mais feliz se vesse ela a ultima vez.. soh
queria dizer .. GISLAINE EU TI AMO! d+!!!!!"

Just a text file.

That seems to be the extent of the damage, though I'm still quite pissed
off. Given that it has only affected index.php files in this way, it
seems that a PHP vulnerability is to blame. Anyone know anything about
this so I know how to take action to prevent it?????



Thanks for this tip, Simon. I know that I'm not using a vulnerable version of phpBB because I was aware of the flaw in phpBB and was using a more recent version (2.0.11) that wasn't vulnerable. BUT I am using a vulnerable version of AWStats. I found out about it simply by Googling. There's an interesting article here:
http://it.slashdot.org/article.pl?sid=05/02/08/1834203&tid=172&tid=156


It points to how phpBB can be attacked from Perl. The very sad part of this story is that last night I noticed when I ran 'top' on my server that perl was using over 90% of CPU. I thought, "that's odd, there's no cron jobs scheduled for this time of night," so I killed the process and thought nothing more of it.

silly me. :-[

Thank you also to Leon. You've raised a lot of points that I want to look at more closely. I've been getting a bit lax about permissions, etc., and this is the wake-up call I needed to have a good review of what's going on. And thanks to you I've got a good starting point of reference.

thanks guys; sol :-)
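
A triage check for the symptom described in this thread (index.php files under the web root replaced by a plain text file), added here as an example and not part of any poster's message. The function names and the sample directory tree are constructed for illustration; it assumes `sha256sum` and `mktemp` are available.

```shell
#!/bin/sh
# Added example: find index.php files that no longer contain any PHP.

# list_overwritten_index ROOT
# Prints "<sha256>  <path>" for every index.php under ROOT that has no PHP
# opening tag, i.e. the file is now "just a text file".
list_overwritten_index() {
    root=$1
    find "$root" -type f -name 'index.php' | sort | while IFS= read -r f; do
        if ! grep -F -q '<?' "$f"; then
            sha256sum "$f"
        fi
    done
}

# largest_identical_group ROOT
# Prints the size of the biggest set of suspect files with identical content.
# A value above 1 points to one scripted overwrite rather than stray edits.
largest_identical_group() {
    list_overwritten_index "$1" |
        awk '{ n[$1]++ } END { m = 0; for (h in n) if (n[h] > m) m = n[h]; print m }'
}

# Constructed sample tree so the example runs offline: two intact PHP entry
# points and two files overwritten with the same placeholder text.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/forum" "$d/stats" "$d/blog"
    printf '<?php echo "home"; ?>\n' > "$d/index.php"
    printf '<?php include "app.php"; ?>\n' > "$d/blog/index.php"
    printf 'defaced placeholder text\n' > "$d/forum/index.php"
    printf 'defaced placeholder text\n' > "$d/stats/index.php"
    echo "$d"
}

tree=$(make_sample_tree)
list_overwritten_index "$tree"
echo "largest identical group: $(largest_identical_group "$tree")"
rm -rf "$tree"
```

The list of paths it prints is also the list of files to restore from backup, and their modification times give a starting point for searching the web server access log.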