[Deskaheh-sysadmin] Hamilton site & the hack
finn c.
finn at animal-liberation.org.nz
Thu Apr 28 19:33:01 PDT 2005
Hi,
fun fun ..
On Thu, Apr 28, 2005 at 10:14:14PM -0400, John Milton wrote:
> I have found a couple of uploads to the media gallery on Hamilton today
> sent within the last 24 hrs. with file names of "cmd.php".
>
> File size was listed as 0K
>
> I purged them from the database and the site seems to be undamaged, can
> someone who knows please assure me, or not, as to if we are vulnerable?
Our dada installs are vulnerable - they should be upgraded to 0.99 asap.
I'm really short of time at the mo, if you know of anyone who could
assist with an upgrade please ask if they could help out.
In the future, it'd be great if you could move the dodgy file out of a
web readable directory and place it somewhere safe, so we can examine
its contents.
> I do not know if our version is too old, or if we have been "patched"
I had a look at our apache configuration this morning, and it should be
disallowing access to .php and other nasty files like perl etc. So a
hacker will be able to upload a nasty file, but won't be able to execute
it. I will apply the patches when I get home from work.
seeya,
finn
--
pgp encrypted mail welcome -
keyid: DB8FD9D4 keyserver: keys.indymedia.org
00DE FE12 A499 B1B9 4507 6490 D013 155B DB8F D9D4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.indymedia.org/pipermail/deskaheh-sysadmin/attachments/20050429/e9bbb215/attachment.pgp
More information about the Deskaheh-sysadmin
mailing list