[CentOS] Strange Apache log entry
Gordon Messmer
yinyang at eburg.com
Sun Aug 22 22:17:42 UTC 2010
On 08/22/2010 03:05 PM, Gilbert Sebenste wrote:
> Thanks. They got a 404 error with me, obviously...but I wanted to make
> sure it was nothing more than that.
No, they didn't. That's why you were warned that it was a potentially
successful probe.
The exploit requires that you are running php and have a script that
includes a file referenced by the global variable "g" (or maybe the http
request variable "g"). You should check the files that appear at the
URLs indicated in your logs. If any of those files are php, then you
should further check those to see if they might include files based on
the "g" variable. If so, you may have been compromised.
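
The check described in the message above, sketched as an added example that is not part of the original post. It assumes common/combined-format access logs and that URL paths map directly onto files under the document root (no aliases or rewrites). The function names and the sample log lines are constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit, parse_qs

# Request line and status code in a common/combined-format Apache log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# include/require whose argument uses "g": a bare $g (register_globals style)
# or $_GET / $_POST / $_REQUEST ['g'].
INCLUDE_G = re.compile(r"""\b(?:include|require)(?:_once)?\b[^;]*?
    (?:\$g\b|\$_(?:GET|POST|REQUEST)\s*\[\s*['"]g['"]\s*\])""", re.I | re.X)

def probed_paths(log_lines):
    """Return {url_path: {status, ...}} for requests that carry a "g" parameter."""
    hits = {}
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if "g" in parse_qs(url.query, keep_blank_values=True):
            hits.setdefault(url.path, set()).add(int(m.group(2)))
    return hits

def audit(log_lines, docroot):
    """Map each probed .php file to its include/require lines that depend on g."""
    root = Path(docroot).resolve()
    findings = {}
    for path in probed_paths(log_lines):
        target = (root / path.lstrip("/")).resolve()
        # Stay inside the docroot; only existing PHP files are of interest.
        if root not in target.parents or target.suffix.lower() != ".php":
            continue
        if not target.is_file():
            continue
        source = target.read_text(errors="replace")
        risky = [ln.strip() for ln in source.splitlines() if INCLUDE_G.search(ln)]
        if risky:
            findings[path] = risky
    return findings

# Constructed sample log lines (documentation addresses and hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Aug/2010:14:01:07 -0500] "GET /gallery/index.php?g=http://example.invalid/probe.txt HTTP/1.1" 200 512',
    '192.0.2.10 - - [22/Aug/2010:14:01:08 -0500] "GET /missing.php?g=http://example.invalid/probe.txt HTTP/1.1" 404 208',
    '192.0.2.11 - - [22/Aug/2010:14:02:00 -0500] "GET /index.html HTTP/1.1" 200 1024',
]
```

Any path that `audit()` reports, and that the log shows answering with a status other than 404, is a file to review by hand.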