Re: [PHP] Making includes and requires safe.

2004-12-28 Thread Zareef Ahmed
I agree with John Holmes that it is targeted at PHP. It is really a wonderful thing to know that Google and Yahoo can detect my PHP code on my site. These news items are written by totally uninformed (or ill-informed) persons. zareef ahmed -- Zareef Ahmed :: A PHP Developer in India ( Delhi ) Homepage

[PHP] Making includes and requires safe.

2004-12-27 Thread Todd Cary
I received the following and I would like to know what is meant by making includes and requires safe: [Quote] News Story by Peter Sayer DECEMBER 27, 2004 (IDG NEWS SERVICE) - The latest version of the Santy worm poses an elevated risk to many Web sites built using the PHP scripting language,

RE: [PHP] Making includes and requires safe.

2004-12-27 Thread Jay Blanchard
[snip] To prevent these attacks, it may be necessary to recode the site to use the include() and require() functions in a safe manner. [/snip] From http://www.php.net/include If URL fopen wrappers are enabled in PHP (which they are in the default configuration), you can specify the file to be

Re: [PHP] Making includes and requires safe.

2004-12-27 Thread John Holmes
It uses search engines including Google, Yahoo and AOL to identify exploitable Web pages written in PHP that use the functions include() and require() in an insecure manner, K-OTik said. Exactly how is a worm going to know if I have include($crap) in my code by searching Google? Is it
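
As an added illustration of what the thread's question about "safe" include() and require() usually comes down to (this code is not from any of the posts above): the request picks a key from a fixed allowlist and never supplies a path or URL itself. The page names, the `pages` directory and the `resolve_page()` helper are assumptions made for the example, which is written for PHP 7.1 or later.

```php
<?php
// Added example; page names, directory layout and helper name are hypothetical.

// The pattern the thread discusses, kept as a comment only:
//   include($_GET['page']);  // request data decides which file (or URL) is loaded

// Fixed map from request values to files the application is willing to load.
const PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

function resolve_page(string $requested, string $baseDir): ?string
{
    // Only keys present in the allowlist are accepted.
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    // realpath() returns false for a missing file; also confirm that the
    // resolved path (symlinks followed) is still inside the base directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Treat anything other than a plain string as the default page.
$page = isset($_GET['page']) && is_string($_GET['page']) ? $_GET['page'] : 'home';
$file = resolve_page($page, __DIR__ . '/pages');
if ($file === null) {
    http_response_code(404);
    exit('Not found');
}
require $file;
```

On PHP 5.2 and later, including remote files is additionally gated by the `allow_url_include` setting, which is off by default.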