On Sun, 13 Jan 2008 16:25:15 -0800 Ray Van Dolson <rayvd at bludgeon.org> wrote: > On Sun, Jan 13, 2008 at 02:14:04PM -0500, Mark Weaver wrote: > > those patches didn't do much for keeping one of my systems from > > being breached via php. from the looks of the web server logs as > > well as the messages log file that's where they got in. > > > > being the anul sort I am I first thought they'd breached the system > > through ssh, but that wasn't the case. > > I'd be willing to bet it was an application-specific hole that was > utilized to breach your system. > > Ray That's always a possibility, but to my knowledge it wasn't anything I was aware of at the time, and since I do most of my app development in Perl it wasn't anything I personally wrote. The only other apps that were on the system at the time was a php web site and forum. php-cli was part of the problem; i.e. the weakness that made the exploit possible. I personally can think of no reason at all for php-cli. Mark