On Sun, 22 Aug 2010, Gordon Messmer wrote: > To: CentOS mailing list <centos at centos.org> > From: Gordon Messmer <yinyang at eburg.com> > Subject: Re: [CentOS] Strange Apache log entry > > On 08/22/2010 03:05 PM, Gilbert Sebenste wrote: >> Thanks. They got a 404 error with me, obviously...but I wanted to make >> sure it was nothing more than that. > > No, they didn't. That's why you were warned that it was a potentially > successful probe. > > The exploit requires that you are running php and have a script that > includes a file referenced by the global variable "g" (or maybe the http > request varible "g"). You should check the files that appear at the > URLs indicated in your logs. If any of those files are php, then you > should further check those to see if they might include files based on > the "g" variable. If so, you may have been compromised. > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos So bolting down PHP really tight should address these hacks? Keith ----------------------------------------------------------------- Websites: http://www.php-debuggers.net http://www.karsites.net http://www.raised-from-the-dead.org.uk All email addresses are challenge-response protected with TMDA [http://tmda.net] -----------------------------------------------------------------