[PHPwestoz] are there any know php vulnerabilities around?
sol at autonomon.net
Wed Feb 16 19:40:02 UTC 2005
>You running phpBB? If so, patch it (or FUD yourself up ...
>It's unlikely to be a vulnerability in PHP itself, more likely a PHP or Perl
>application (phpBB && AWStats both recently compromised to this extent)
>----- Original Message -----
>From: "Sol Hanna" <sol at autonomon.net>
>To: <PHPwestoz at lists.linux.org.au>
>Sent: Wednesday, February 16, 2005 5:11 PM
>Subject: [PHPwestoz] are there any know php vulnerabilities around?
>>Mondo bad news - my server just got cracked! >:o
>>The crack involved index.php files in all directories under the web root
>>being overwritten with an intelligent bit of cracker poetry thus:
>>"Noturnos Crimez... OwnZ yOu, By Lord Cha0s.. * Mais um Dia se
>>passa..tudo novo.. mais pq eu sempre me ferro? fiko triste.. e tudo por
>>causa de uma minina que eu amo d+... nossa.. eu daria tudo pra tela
>>comigo. nos meus braços abraçala , beijala.. pedir desculpas a ela..
>>nossa.. eu seria o cara mais feliz se vesse ela a ultima vez.. soh
>>queria dizer .. GISLAINE EU TI AMO! d+!!!!!"
>>Just a text file.
>>That seems to be the extent of the damage, though I'm still quite pissed
>>off. Given that it has only affected index.php files in this way, it
>>seems that a PHP vulnerability is to blame. Anyone know anything about
>>this so I know how to take action to prevent it?????
Thanks for this tip Simon. I know that I'm not using a vulnerable
version of phpBB because I was aware of the flaw in phpBB and was using
a more recent version (2.0.11) that wasn't vulnerable. BUT I am using a
vulnerable version of AWStats. I found out about it simply by Googling.
There's an interesting article here:
It points to how phpBB can be attacked from Perl. The very sad part of
this story is that last night I noticed when I ran 'top' on my server
that perl was using over 90% of CPU. I thought, "that's odd, there's no
cron jobs scheduled for this time of night." So I killed the process and
thought nothing more of it.
Silly me. :-[
Thank you also to Leon. You've raised a lot of points that I want to look
at more closely. I've been getting a bit lax about permissions, etc. and
this is the wake-up call I needed to have a good review of what's going
on. And thanks to you I've got a good starting point of reference.
thanks guys; sol :-)
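
The symptom described in this thread (every index.php under the web root replaced by the same plain-text file) can be checked for with a content-hash sweep. The following is an added example, not part of the original post; the function names, the `min_copies` threshold and the sample tree are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

def scan_index_files(web_root, name="index.php", min_copies=2):
    """Return ({sha256: [paths]}, [paths]): index files whose bytes are identical
    in min_copies or more directories, and index files with no PHP open tag."""
    by_hash = defaultdict(list)
    no_php_tag = []
    for dirpath, _dirs, files in os.walk(web_root):
        if name not in files:
            continue
        path = os.path.join(dirpath, name)
        with open(path, "rb") as fh:
            data = fh.read()
        by_hash[hashlib.sha256(data).hexdigest()].append(path)
        if b"<?" not in data:  # overwritten copies were "just a text file"
            no_php_tag.append(path)
    dupes = {h: sorted(p) for h, p in by_hash.items() if len(p) >= min_copies}
    return dupes, sorted(no_php_tag)

def build_sample_tree(root):
    """Constructed sample: one intact index.php, two overwritten with the same text."""
    pages = {
        "index.php": b"<?php echo 'home'; ?>\n",
        "forum/index.php": b"CONSTRUCTED DEFACEMENT TEXT\n",
        "stats/index.php": b"CONSTRUCTED DEFACEMENT TEXT\n",
    }
    for rel, body in pages.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        dupes, plain = scan_index_files(root)
        for digest, paths in dupes.items():
            print(f"{len(paths)} identical copies ({digest[:12]}):")
            for p in paths:
                print("  ", p)
        print("no PHP open tag:", plain)
```

Both checks are heuristics: identical stub index files and HTML-only index.php pages exist on healthy servers, so hits should be compared against a known-good backup before anything is restored.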