On Sep 19, 2013, at 9:14 AM, Arno Kuhl <a...@dotcontent.net> wrote:

> Arno: If you can request that file using a web browser, and it gets executed
> as PHP on your server then there is an error in the Apache configuration.
> Easy test: create a file in a text editor containing some PHP (<?php
> phpinfo(); ?> would be enough) and upload it to the www root of your site
> and name it test.pgif. Then hit http://www.yourdomain.com/test.pgif in your
> browser. If you see the PHP code or an error then you're fine. If you see
> PHP's info page then you need to change web host as quickly as possible. I
> don't care if they fix it - the fact their server was configured to do this
> by default is enough for me to never trust them again.
> -Stuart
> --
> Thanks Stuart. I just tried it now, test.php.pgif displayed the info while
> test.xyz.pgif returned the content, confirming the problem. My service
> provider finally conceded the problem is on their side and are looking for
> an urgent fix, much too complicated to consider moving service providers in
> the short term.
> As a side note, the sp said the issue is new and coincided with an upgrade
> to fastcgi recently, I wonder if the hacker was exploiting a known issue
> with that scenario?
> Cheers
> Arno

GoDaddy's default plesk-generated configuration for FastCGI-served PHP files 
only looked to see if the file contained ".php" somewhere on its path - i.e. 
it would happily execute 'malicious.php.txt' as php code, even something 
ridiculous like 'malware.phpnoreallyiwantthistorun'.
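As an added illustration (not code from this thread or from Plesk), the following script models the misconfiguration described above: a handler mapping that matches ".php" anywhere in the filename versus one anchored to the final extension, checked against the filenames the thread mentions. The FilesMatch fragments are constructed assumptions of what such a config might look like, not GoDaddy's actual generated configuration.

```python
import re

# Constructed example fragments (assumptions, not Plesk's real output).
# The weak pattern matches ".php" anywhere; the fixed one anchors to the end.
WEAK_CONFIG = r'''
<FilesMatch "\.php">
    SetHandler fcgid-script
</FilesMatch>
'''

FIXED_CONFIG = r'''
<FilesMatch "\.php$">
    SetHandler fcgid-script
</FilesMatch>
'''

FILESMATCH_RE = re.compile(r'<FilesMatch\s+"([^"]+)">')


def handler_patterns(config):
    """Extract the regexes that route a file to the PHP handler."""
    return FILESMATCH_RE.findall(config)


def would_execute(config, filename):
    """Apache applies a FilesMatch regex as an unanchored search on the basename,
    so any pattern without a trailing '$' can fire on an inner '.php' segment."""
    return any(re.search(p, filename) for p in handler_patterns(config))


def audit(config, filenames):
    """Return files whose final extension is not .php but that the config
    would still hand to the PHP interpreter (the condition the thread tests)."""
    return sorted(f for f in filenames
                  if would_execute(config, f) and not f.lower().endswith(".php"))


# Constructed upload names, including the ones from the thread.
SAMPLE_UPLOADS = [
    "index.php",                         # legitimate script, must still run
    "test.pgif",                         # harmless image-like name
    "test.php.pgif",                     # ran as PHP on the broken host
    "test.xyz.pgif",                     # returned as content, as expected
    "malicious.php.txt",
    "malware.phpnoreallyiwantthistorun",
]

if __name__ == "__main__":
    print("weak config executes:", audit(WEAK_CONFIG, SAMPLE_UPLOADS))
    print("fixed config executes:", audit(FIXED_CONFIG, SAMPLE_UPLOADS))
```

The same audit can be pointed at a real upload directory listing to confirm a host's fix: the fixed pattern should leave the second list empty while still serving index.php.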

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
