On Sep 19, 2013, at 9:14 AM, Arno Kuhl <a...@dotcontent.net> wrote: > Arno: If you can request that file using a web browser, and it gets executed > as PHP on your server then there is an error in the Apache configuration. > > Easy test: create a file in a text editor containing some PHP (<?php > phpinfo(); ?> would be enough) and upload it to the www root of your site > and name it test.pgif. Then hit http://www.yourdomain.com/test.pgif in your > browser. If you see the PHP code or an error then you're fine. If you see > PHP's info page then you need to change web host as quickly as possible. I > don't care if they fix it - the fact their server was configured to do this > by default is enough for me to never trust them again. > > -Stuart > -- > > Thanks Stuart. I just tried it now, test.php.pgif displayed the info while > test.xyz.pgif returned the content, confirming the problem. My service > provider finally conceded the problem is on their side and are looking for > an urgent fix, much too complicated to consider moving service providers in > the short term. > > As a side note, the sp said the issue is new and coincided with an upgrade > to fastcgi recently, I wonder if the hacker was exploiting a known issue > with that scenario? > > Cheers > Arno >
GoDaddy's default plesk-generated configuration for FastCGI-served PHP files only looked to see if the file contained ".php" somewhere on it's path - i.e. it would happily execute 'malicilous.php.txt' as php code, even something ridiculous like 'malware.phpnoreallyiwantthistorun'. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
