Yeah, definitely reason to explore the possibilities... But this is
really my own stupid fault it got there in the first place... I had an
image upload form and I didn't tell it only to accept image/jpeg or
image/gif

Resolution... I deleted everything, and took down the upload form and
notified my webhost... I guess it wasn't the first time they've seen
this... So they are taking action on it and probably canceling my
account... LOL...

Thanks for all your help!
Joe

-----Original Message-----
From: Joel Rees [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 31, 2003 3:10 AM
To: Joe Harman; [EMAIL PROTECTED]
Subject: Re: [PHP] Possible My Website was hacked... with PHP... please
tell me what this is???


Assuming you are not just trolling,

> Fortunately I don't think they were doing something correctly, cause it
> didn't deface my site like some of the others....

Don't count on it. They only deface servers they don't want to use.

> ...
> everyone can execute shell commands via system(); on your server.
> -> delete the script ;)

Oh, by all means, delete it if you want. But it's not the hole it came
in through, and it's not the real backdoor.

It's so blatant, I'd guess it's a script kiddy or a decoy. Even if it's
a script kiddy, you _want_ to know how it got on the box.

I'd take the box offline, back up all the data and configuration files,
and re-install the whole system and all programs from scratch. Go over
every configuration file with a fine-tooth comb. 

If the machine is on a subnet and I controlled the subnet, I think I'd
take the whole subnet down, including the firewall, and clean every
machine up, not putting any machine back on the subnet until it was
clean and any holes patched. If I didn't control the subnet, I'd make
sure the persons who did know there had been a break-in.

And if you have any valuable data, consider it to have been stolen. If
you have credit card numbers, report the possibility of theft to the
credit card companies. Etc.

If you're trolling, go away.

-- 
Joel Rees, programmer, Systems Group
Altech Corporation (Alpsgiken), Osaka, Japan http://www.alpsgiken.co.jp


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
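
The gap described at the top of this thread, an upload form that accepts any file type, closed on the server side. This is an added example, not code from either poster. It assumes PHP 7 or later with the fileinfo extension, a form field named `image`, and a hypothetical upload directory `/var/www/uploads` from which the web server does not execute scripts.

```php
<?php
// Added example (not from the thread): server-side checks for an image upload.
// Content type => extension we are willing to write to disk.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/gif' => 'gif'];
const MAX_BYTES = 2 * 1024 * 1024; // constructed size limit

/** Return the safe extension for the file's real content, or null to reject. */
function image_extension(string $path): ?string
{
    if (!is_file($path) || filesize($path) > MAX_BYTES) {
        return null;
    }
    // Sniff the bytes on disk. $_FILES[...]['type'] comes from the browser
    // and can be set to anything, so it is never consulted here.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    $ext = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    // The file must also parse as an image, not just start with magic bytes.
    if ($ext === null || @getimagesize($path) === false) {
        return null;
    }
    return $ext;
}

/** Store one $_FILES entry under a server-chosen name; null means rejected. */
function store_upload(array $file, string $destDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = image_extension($file['tmp_name']);
    if ($ext === null) {
        return null;
    }
    // Never reuse the client's filename: the extension decides whether the
    // web server treats the file as a script. A valid image can still carry
    // embedded PHP, so the forced extension and a non-executable directory
    // are what keep it inert.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], "$destDir/$name") ? $name : null;
}

if (isset($_FILES['image'])) {
    $stored = store_upload($_FILES['image'], '/var/www/uploads'); // hypothetical path
    http_response_code($stored === null ? 400 : 201);
    echo $stored === null ? "rejected\n" : "stored as $stored\n";
}
```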



