On Sun, 22 Aug 2010, Gordon Messmer wrote:
> To: CentOS mailing list <centos@xxxxxxxxxx>
> From: Gordon Messmer <yinyang@xxxxxxxxx>
> Subject: Re: Strange Apache log entry
>
> On 08/22/2010 03:05 PM, Gilbert Sebenste wrote:
>> Thanks. They got a 404 error with me, obviously...but I wanted to make
>> sure it was nothing more than that.
>
> No, they didn't. That's why you were warned that it was a potentially
> successful probe.
>
> The exploit requires that you are running php and have a script that
> includes a file referenced by the global variable "g" (or maybe the http
> request varible "g"). You should check the files that appear at the
> URLs indicated in your logs. If any of those files are php, then you
> should further check those to see if they might include files based on
> the "g" variable. If so, you may have been compromised.
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
So bolting down PHP really tight should address these hacks?
Keith
-----------------------------------------------------------------
Websites:
http://www.php-debuggers.net
http://www.karsites.net
http://www.raised-from-the-dead.org.uk
All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------------
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
