ironshell is a web based php shell. If someone, using a bugged upload form, is able to upload the shell on your web space, he will take the power of any file and directory. It's easy, after uploading the shell, edit the index file and upload any other image or malicious script. I suggest you to debug any upload form before you re-open the website. On 10 July 2010 20:14, Sovichea SOU <svch_sou@xxxxxxxxxxx> wrote: > > > > I already requested my hosting provider to check server log. > > Well, I see other file. It is ironshell.php > > Any more idea? > > Thanks. > > Vichea > > On Sun, Jul 11, 2010 at 12:58 AM, Davide Baglieri <davidonzo@xxxxxxxxx>wrote: > > > Not only the index file was modified, but some file has been uploaded > > to the server: http://elt.edu.kh/1.gif > > > > I just can success you to look the server logs and find when and how > > the file 1.gif has been uploaded to the server. > > > > On 10 July 2010 19:54, Sovichea SOU <svch_sou@xxxxxxxxxxx> wrote: > > > Here it is: elt.edu.kh > > > I rename hacked file to http://elt.edu.kh/index_old.htm > > > > > > Thanks. > > > > > > > > > > > > On Sun, Jul 11, 2010 at 12:50 AM, Davide Baglieri <davidonzo@xxxxxxxxx > > >wrote: > > > > > >> > > >> > > >> Can you link us the hacked website? > > >> There is any public upload form? > > >> > > >> Maybe someone upload a C99 shell. > > >> > > >> > > >> > > > > [Non-text portions of this message have been removed] > > ------------------------------------ Are you looking for a PHP job? Join the PHP Professionals directory Now! http://www.phpclasses.org/jobs/ Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/php-objects/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/php-objects/join (Yahoo! ID required) <*> To change settings via email: php-objects-digest@xxxxxxxxxxxxxxx php-objects-fullfeatured@xxxxxxxxxxxxxxx <*> To unsubscribe from this group, send an email to: php-objects-unsubscribe@xxxxxxxxxxxxxxx <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
