me, too this would be interesting
bastien> Date: Fri, 9 Nov 2007 09:01:09 -0600> From: [EMAIL PROTECTED]> To:
[EMAIL PROTECTED]> CC: [EMAIL PROTECTED]; php-general@lists.php.net> Subject:
Re: [PHP] Help securing a server : Owned by W4n73d H4ck3r> > On 11/9/07, Daniel
Brown <[EMAIL PROTECTED]> wrote:> >> > On Nov 9, 2007 9:27 AM, robert mena
<[EMAIL PROTECTED]> wrote:> > > Hi,> > >> > > One server that hosts several
domains ended up with the message "Owned> > > by W4n73d H4ck3r". While still
performing an audit I am very> > > confident that this was caused by a php
script (it is a linux server)> > > uploaded via FTP or by a defective site
hosted (perhaps vulnerable> > > version of a CMS).> > >> > > The symptons seem
clear, files owned by apache are vulnerable and the> > > attacker script
scanned the web tree and started running.> > >> > > So, basically two
questions:> > > - how to detect where this came from> > > - how to prevent it
from happening again> > >> > > Thanks.> > >> > > --> > > PHP General Mailing
List (http://www.php.net/)> > > To unsubscribe, visit:
http://www.php.net/unsub.php> > >> > >> >> > Robert,> >> > That's really not so
much a PHP question, but a general Linux> > security question. Primarily, my
job is computer forensics and> > security, so if you'd like, you can reply to
me off-list and I'll be> > glad to offer you a hand.> >> > --> > Daniel P.
Brown> > [office] (570-) 587-7080 Ext. 272> > [mobile] (570-) 766-8107> >> > If
at first you don't succeed, stick to what you know best so that you> > can make
enough money to pay someone else to do it for you.> > > I'd be interested in
reading this thread. OK with me to keep it on the list.> > David
_________________________________________________________________
Send a smile, make someone laugh, have some fun! Start now!
http://www.freemessengeremoticons.ca/?icid=EMENCA122