[CentOS] httpd - mysql - paypal.com.tar - hacker

R P Herrold herrold at centos.org
Fri Aug 21 21:24:18 UTC 2009

On Fri, 21 Aug 2009, Gregory P. Ennis wrote:

> place.  I looked like the hacker downloaded his paypal spoof files into
> a subdirectory of /var/www/phpmyadmin
> I am running 5.3 with all current updates.

and third party software as well.

We do not ship phpmyadmin, and clearly and repeatedly caution 
against it in the IRC channel -- its CVE history is 
appalling, and people are just not willing to remove it, or 
limit it to just a specific IP (not that I expect its ACL 
model to work either)

-- Russ herrold

More information about the CentOS mailing list