On 8/24/10, Keith Roberts <keith@karsites.net> wrote:
> So bolting down PHP really tight should address these hacks?
As others have mentioned, this is trying to take advantage of a poorly written PHP script that doesn't sanitize/check the input before using it. However, you could possibly lock down PHP further to reduce the possibility of such apps working by using the disabled_function setting to disable the riskier functions which allow shell/command/file operations. Of course, depending on how aggressive you are, it could lead to scripts breaking.
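The lockdown described in this message, as an added example that is not part of the original post: a small audit script that reads PHP's `disable_functions` directive and reports which command-execution functions are still callable. The function list and the helper names `parse_disabled` and `still_enabled` are assumptions chosen for illustration.

```php
<?php
// Added example: check which shell/command functions remain enabled.
// Corresponding php.ini line (the list is an illustrative assumption):
//   disable_functions = exec,passthru,shell_exec,system,proc_open,popen

// Functions that run shell commands or spawn processes (illustrative list).
const RISKY_FUNCTIONS = array(
    'exec', 'passthru', 'shell_exec', 'system', 'proc_open', 'popen',
);

// Turn the comma-separated ini value into a clean lowercase list of names.
function parse_disabled(string $iniValue): array
{
    $names = array_map('trim', explode(',', strtolower($iniValue)));
    return array_values(array_filter($names, static function ($n) {
        return $n !== '';
    }));
}

// Return the risky functions that are NOT covered by disable_functions.
function still_enabled(array $risky, array $disabled): array
{
    return array_values(array_diff($risky, $disabled));
}

$disabled = parse_disabled((string) ini_get('disable_functions'));
$enabled  = still_enabled(RISKY_FUNCTIONS, $disabled);

if (count($enabled) === 0) {
    echo "OK: all listed functions are disabled\n";
    exit(0);
}

// Non-zero exit lets a deployment check fail when the lockdown is incomplete.
echo "Still enabled: " . implode(', ', $enabled) . "\n";
exit(1);
```

Run it under the same SAPI that serves the site, since the CLI and the web server module can load different php.ini files. `disable_functions` is honoured only in php.ini, so a value set in `.htaccess` or with `ini_set()` has no effect.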