[CentOS] Strange Apache log entry
Keith Roberts
keith at karsites.net
Tue Aug 24 11:25:43 UTC 2010
On Sun, 22 Aug 2010, Gordon Messmer wrote:
> To: CentOS mailing list <centos at centos.org>
> From: Gordon Messmer <yinyang at eburg.com>
> Subject: Re: [CentOS] Strange Apache log entry
>
> On 08/22/2010 03:05 PM, Gilbert Sebenste wrote:
>> Thanks. They got a 404 error with me, obviously...but I wanted to make
>> sure it was nothing more than that.
>
> No, they didn't. That's why you were warned that it was a potentially
> successful probe.
>
> The exploit requires that you are running php and have a script that
> includes a file referenced by the global variable "g" (or maybe the http
> request varible "g"). You should check the files that appear at the
> URLs indicated in your logs. If any of those files are php, then you
> should further check those to see if they might include files based on
> the "g" variable. If so, you may have been compromised.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
So bolting down PHP really tight should address these hacks?
Keith
-----------------------------------------------------------------
Websites:
http://www.php-debuggers.net
http://www.karsites.net
http://www.raised-from-the-dead.org.uk
All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------------
More information about the CentOS
mailing list