Re: Another security problem..

On Thu, 20 Oct 2005 11:57:47 -0400 James Kosin wrote:

> On 19-Oct-05 at about 1:00pm my time, someone from IP 194.150.85.114
> accessed my web-server trying to access a file called
> main.php in the following places:
>
> [snip]
>
> Of course, this attack fell on deaf ears on my server....  but, I'd
> like everyone to know since this is a security risk if they do have a
> PHP document configuring some of these administrative tasks open on
> the internet.

Looks like somebody trying to exploit vulnerabilities within all or some versions of phpMyAdmin. Happened to me too, but no cigar there either, as I've told Apache to grant access to that program only to 2 specific IP addresses. And the idiot wasn't one of these :)

The best suggestion I could give is to limit by IP address the access to that program, as said above, in httpd.conf or in some .htaccess (not sure of that)... And check on the website of phpMyAdmin whether they solved this specific problem or not. (I'm about to go home)

I don't think this specific security problem is relevant to FedoraLegacy, since it is not an RPM essential or present in the various RH/Fedora versions catered by it.

Tomorrow I'll check deeper into that, to see whether it is a security problem regarding instead one or more releases of PHP itself.

b.
--
+--------------------------------------------------------------------+
| Barbara Pennacchi               barbara.pennacchi (at) istc.cnr.it |
|                 Consiglio Nazionale delle Ricerche                 |
|         Istituto di Scienze e Tecnologie della Cognizione          |
|       Via S. Martino della Battaglia 44, 00185 Roma, Italia        |
|                      http://www.istc.cnr.it/                       |
+--------------------------------------------------------------------+


--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
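
The IP restriction suggested in the message above, written out as an httpd.conf fragment. This is an added example, not configuration posted by anyone in the thread; the directory path and both addresses are placeholders (the addresses come from the RFC 5737 documentation ranges).

```apache
# Added example: allow only two admin addresses to reach phpMyAdmin.
# Assumption: phpMyAdmin is installed under /usr/share/phpMyAdmin and the
# two allowed clients are 192.0.2.10 and 198.51.100.25 (placeholders).
<Directory "/usr/share/phpMyAdmin">

    <IfModule mod_authz_core.c>
        # Apache 2.4 and later.
        # Several Require lines at this level are OR-ed together: a client
        # matching either address is allowed, everyone else gets 403.
        Require ip 192.0.2.10
        Require ip 198.51.100.25
    </IfModule>

    <IfModule !mod_authz_core.c>
        # Apache 2.0 / 2.2.
        # "deny,allow" evaluates Deny first, then Allow, so the Allow line
        # carves the two addresses out of the blanket deny.
        Order deny,allow
        Deny from all
        Allow from 192.0.2.10 198.51.100.25
    </IfModule>

    # Keep a per-directory .htaccess from loosening the rule above.
    AllowOverride None
</Directory>
```

The same access directives can go in a `.htaccess` file, but only where the server's `AllowOverride` permits it (`AuthConfig` for `Require`, `Limit` for `Order`/`Deny`/`Allow`); placing them in httpd.conf avoids that dependency.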
