[CentOS] Strange Apache log entry

Tue Aug 24 11:25:43 UTC 2010
Keith Roberts <keith at karsites.net>

On Sun, 22 Aug 2010, Gordon Messmer wrote:

> To: CentOS mailing list <centos at centos.org>
> From: Gordon Messmer <yinyang at eburg.com>
> Subject: Re: [CentOS] Strange Apache log entry
> 
> On 08/22/2010 03:05 PM, Gilbert Sebenste wrote:
>> Thanks. They got a 404 error with me, obviously...but I wanted to make
>> sure it was nothing more than that.
>
> No, they didn't.  That's why you were warned that it was a potentially
> successful probe.
>
> The exploit requires that you are running php and have a script that
> includes a file referenced by the global variable "g" (or maybe the http
> request variable "g").  You should check the files that appear at the
> URLs indicated in your logs.  If any of those files are php, then you
> should further check those to see if they might include files based on
> the "g" variable.  If so, you may have been compromised.

So bolting down PHP really tight should address these hacks?

Keith

-----------------------------------------------------------------
Websites:
http://www.php-debuggers.net
http://www.karsites.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------------
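
The check described in the quoted reply above (inspect the PHP files behind the logged URLs for includes driven by "g"), as an added example that is not part of the original thread. It is a regex heuristic rather than a PHP parser; the function names and the sample script are constructed for illustration, and every hit still needs manual review.

```python
import re

# Ways the "g" value can reach a script: the register_globals-style global $g,
# or an explicit lookup of key 'g' in a request superglobal.
G_SOURCE = re.compile(
    r"\$g\b|\$(?:_GET|_POST|_REQUEST|_COOKIE|GLOBALS|HTTP_GET_VARS|HTTP_POST_VARS)"
    r"\s*\[\s*['\"]?g['\"]?\s*\]"
)
# include / require / include_once / require_once, capturing the argument.
INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\b\s*\(?(.*?);", re.I | re.S)
# Simple assignments ($x = ...; or $x .= ...;), skipping ==, === and =>.
ASSIGN = re.compile(r"(\$[A-Za-z_]\w*)\s*\.?=(?![=>])\s*(.*?);", re.S)

def uses_g(expr, tainted):
    """True if expr reads "g" directly or through a variable derived from it."""
    if G_SOURCE.search(expr):
        return True
    return any(re.search(re.escape(v) + r"\b", expr) for v in tainted)

def tainted_vars(src):
    """Variables whose value is built from "g", followed to a fixpoint."""
    tainted, changed = set(), True
    while changed:
        changed = False
        for m in ASSIGN.finditer(src):
            name, rhs = m.group(1), m.group(2)
            if name not in tainted and uses_g(rhs, tainted):
                tainted.add(name)
                changed = True
    return tainted

def find_g_includes(src):
    """Return (line, statement) for each include whose path depends on "g"."""
    tainted = tainted_vars(src)
    return [(src.count("\n", 0, m.start()) + 1, " ".join(m.group(0).split()))
            for m in INCLUDE.finditer(src) if uses_g(m.group(1), tainted)]

# Constructed sample script, not taken from the thread.
SAMPLE = """<?php
$page = $_GET['g'];
$path = "modules/" . $page . ".php";
include($path);
require_once 'config.php';
include $g;
$gallery = 'photos';
include "tpl/$gallery.php";
?>"""

if __name__ == "__main__":
    for line, stmt in find_g_includes(SAMPLE):
        print(f"line {line}: {stmt}")
```

To audit real files, pass each script's contents to `find_g_includes`; a hit means the include path is influenced by "g" and the file should be read by hand.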