c99shell

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi there,
 Not sure if this is proper place to post but here it goes. We got nailed by
someone using c99shell today. They were able to upload and overwrite a bunch
of index files. I am working on discovering how they were able to get it on
our server. Here's some basic info. I am by no means a php expert. Should
things be different? Is there a good paper out there somewhere in regards to
windows / iis5 / php security?

php 4.4.1
Safe Mode:  OFF
Open basedir:  none
Display Errors:  ON
Short Open Tags:  ON
File Uploads:  ON
Magic Quotes:  ON
Register Globals:  ON
Output Buffering:  OFF
Session save path:  e:\PHP\sessiondata
Session auto start:  0
XML enabled:  Yes
Zlib enabled:  Yes
Disabled Functions:  none

Here is also a snip of log (altered IP's and URL) of what I think is the 
hack of the site. (I could be wrong)

2006-04-29 23:47:46 x.x.x.x - x.x.x.x 80 GET /index.html - 200 0 958 105 172 
HTTP/1.0 www.blah.com Wget/1.9.1 - -
2006-04-29 23:49:32 x.x.x.x - x.x.x.x 80 GET /index.html - 200 0 953 122 297 
HTTP/1.1 www.blah.com libwww-perl/5.805 - -

Thanks,
 Scot

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux