Hi there, Not sure if this is proper place to post but here it goes. We got nailed by someone using c99shell today. They were able to upload and overwrite a bunch of index files. I am working on discovering how they were able to get it on our server. Here's some basic info. I am by no means a php expert. Should things be different? Is there a good paper out there somewhere in regards to windows / iis5 / php security? php 4.4.1 Safe Mode: OFF Open basedir: none Display Errors: ON Short Open Tags: ON File Uploads: ON Magic Quotes: ON Register Globals: ON Output Buffering: OFF Session save path: e:\PHP\sessiondata Session auto start: 0 XML enabled: Yes Zlib enabled: Yes Disabled Functions: none Here is also a snip of log (altered IP's and URL) of what I think is the hack of the site. (I could be wrong) 2006-04-29 23:47:46 x.x.x.x - x.x.x.x 80 GET /index.html - 200 0 958 105 172 HTTP/1.0 www.blah.com Wget/1.9.1 - - 2006-04-29 23:49:32 x.x.x.x - x.x.x.x 80 GET /index.html - 200 0 953 122 297 HTTP/1.1 www.blah.com libwww-perl/5.805 - - Thanks, Scot -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
