On Sun, 13 Jan 2008 16:25:15 -0800 Ray Van Dolson rayvd@bludgeon.org wrote:
On Sun, Jan 13, 2008 at 02:14:04PM -0500, Mark Weaver wrote:
Those patches didn't do much for keeping one of my systems from being breached via PHP. From the looks of the web server logs as well as the messages log file, that's where they got in.
Being the anal sort I am, I first thought they'd breached the system through ssh, but that wasn't the case.
I'd be willing to bet it was an application-specific hole that was utilized to breach your system.
Ray
That's always a possibility, but to my knowledge it wasn't anything I was aware of at the time, and since I do most of my app development in Perl it wasn't anything I personally wrote. The only other apps that were on the system at the time were a PHP web site and forum. php-cli was part of the problem; i.e. the weakness that made the exploit possible. I personally can think of no reason at all for php-cli.
Mark