John Nichel wrote:
I haven't fully researched it yet, but our domains were just hacked, and from the looks of it, the attack came in thru phpBB. This morning, around 9:00am, I upgraded our webserver to php v4.3.10 from v4.3.9 due to potential security risks, and at 11:30 it looks as if the attack started. By 11:48, all of the php pages, on all of our domains were replaced by one like this...
http://john.nichel.net
I don't know if this is a PHP problem or a phpBB problem as of yet, but I wanted to get the word out here so that y'all can take precautions if neccessary. I disabled the system() function on our box, and may need to take further action as I discover more.
Below is what I believe to be the 'offensive' access from the Apache logs on the domain where the attack started. If you see something that I'm missing, please let the list know.
To quote someone semi-famous...."Google is your friend" :-)
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
