[CentOS] httpd - mysql - paypal.com.tar - hacker
R P Herrold
herrold at centos.org
Fri Aug 21 21:24:18 UTC 2009
On Fri, 21 Aug 2009, Gregory P. Ennis wrote:
> place. I looked like the hacker downloaded his paypal spoof files into
> a subdirectory of /var/www/phpmyadmin
> I am running 5.3 with all current updates.
and third party software as well.
We do not ship phpmyadmin, and clearly and repeatedly caution
against it in the IRC channel -- its CVE history is
appalling, and people are just not willing to remove it, or
limit it to just a specific IP (not that I expect its ACL
model to work either)
-- Russ herrold
More information about the CentOS