On 08/22/2010 03:05 PM, Gilbert Sebenste wrote:
Thanks. They got a 404 error with me, obviously...but I wanted to make sure it was nothing more than that.
No, they didn't. That's why you were warned that it was a potentially successful probe.
The exploit requires that you are running php and have a script that includes a file referenced by the global variable "g" (or maybe the http request varible "g"). You should check the files that appear at the URLs indicated in your logs. If any of those files are php, then you should further check those to see if they might include files based on the "g" variable. If so, you may have been compromised.